Malware Analysis Report

2025-08-05 15:49

Sample ID 240529-lg25esab6y
Target nazimodpc-v2.4.rar
SHA256 004be9ec7982c94c19af5386132c96e4518e55dd940d895c7e68a6a869c1fee7
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

004be9ec7982c94c19af5386132c96e4518e55dd940d895c7e68a6a869c1fee7

Threat Level: Likely benign

The file nazimodpc-v2.4.rar was found to be: Likely benign.

Malicious Activity Summary

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Checks processor information in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-29 09:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 09:31

Reported

2024-05-29 09:33

Platform

win10-20240404-en

Max time kernel

117s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe"

Signatures

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1792 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 4140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 4140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 3204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2336 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe

"C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.0.1127802271\1206895008" -parentBuildID 20221007134813 -prefsHandle 1616 -prefMapHandle 1600 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {043bdb6a-50c7-422d-ae86-333290cdb6fd} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 1748 279709e7b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.1.1902623603\855439829" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {336670c4-4807-4244-9f56-062a76824c8a} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2120 27970333558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.2.1969952240\1698392040" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2904 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fb1b9e3-4858-4834-89a2-8ecbcc8acb33} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2788 27974ad2358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.3.697405039\1525554926" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3440 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3839351-426c-401d-90f6-a97264683ec7} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3456 27965861958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.4.1302640262\1494964250" -childID 3 -isForBrowser -prefsHandle 3952 -prefMapHandle 3948 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40f6f1b-7cd3-4d15-8b3c-ba02e71564fa} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3228 2797604e458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.5.1727831770\1386050018" -childID 4 -isForBrowser -prefsHandle 4660 -prefMapHandle 4620 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dff1568c-cbe8-4a53-9ef4-e8ff85a05842} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4688 279750b2858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.6.980541135\103815235" -childID 5 -isForBrowser -prefsHandle 4828 -prefMapHandle 4832 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9a59477-203f-40ea-8576-383895bbb739} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4816 27976c3af58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.7.1894156319\51615237" -childID 6 -isForBrowser -prefsHandle 5020 -prefMapHandle 5024 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {349028b7-fba5-413d-846e-e4a991c7f58f} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5012 27976c3b858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.8.806329306\1047516691" -childID 7 -isForBrowser -prefsHandle 5460 -prefMapHandle 5480 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0f3cb17-947d-4dee-b47a-65d538ccf6f6} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5492 27970cecb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.9.1125326847\300506073" -parentBuildID 20221007134813 -prefsHandle 5636 -prefMapHandle 5624 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bf4c297-8115-4f64-9369-c0fb951a7f8b} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5476 27976a8d258 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.10.685143668\2111293998" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5640 -prefMapHandle 5628 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3500a4a4-06f3-4bc5-883f-c63f3a0bc3b0} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5816 279783bd758 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.11.2083066919\1666912924" -childID 8 -isForBrowser -prefsHandle 6048 -prefMapHandle 6044 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1635eea4-7dea-46bd-8a27-ce80e49e8672} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 6060 27978bcee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.12.510622200\626160226" -childID 9 -isForBrowser -prefsHandle 5616 -prefMapHandle 6328 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01bf34c5-f532-4576-b908-81ffc589b44a} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 6332 279658c6358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.13.2132583271\1352058634" -childID 10 -isForBrowser -prefsHandle 5188 -prefMapHandle 5184 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4583b025-ca96-4e3c-a73f-f52485f64453} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5176 2796582d858 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x394

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.14.277048610\4364934" -childID 11 -isForBrowser -prefsHandle 5520 -prefMapHandle 5512 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7e846f9-d80e-44ed-b399-a2ffe6abfda2} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5604 27978350858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.15.1903631504\50496111" -childID 12 -isForBrowser -prefsHandle 10384 -prefMapHandle 10388 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da76f71c-0a40-4b7e-b8ad-17615ed40285} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 10376 27975d6e558 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 44.237.65.238:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 238.65.237.44.in-addr.arpa udp
N/A 127.0.0.1:49759 N/A tcp
N/A 127.0.0.1:49766 N/A tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 196.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
FR 142.250.179.118:443 i.ytimg.com tcp
FR 142.250.179.118:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 142.250.179.118:443 i.ytimg.com tcp
FR 142.250.179.118:443 i.ytimg.com tcp
FR 142.250.179.118:443 i.ytimg.com tcp
FR 142.250.179.118:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 142.250.179.118:443 i.ytimg.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 118.179.250.142.in-addr.arpa udp
FR 172.217.20.206:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 play.google.com udp
FR 142.250.178.142:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 172.217.20.174:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
FR 216.58.213.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.206:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.178.142:443 youtube-ui.l.google.com udp
FR 172.217.20.174:443 play.google.com udp
FR 216.58.213.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 226.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 66.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.75.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 172.217.18.202:443 jnn-pa.googleapis.com tcp
FR 172.217.18.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.75.230:443 static.doubleclick.net udp
FR 172.217.18.202:443 jnn-pa.googleapis.com udp
FR 172.217.18.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 230.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
FR 142.250.179.110:443 encrypted-tbn1.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
FR 142.250.179.110:443 encrypted-tbn0.gstatic.com tcp
FR 142.250.179.110:443 encrypted-tbn0.gstatic.com tcp
FR 172.217.20.206:443 encrypted-tbn2.gstatic.com tcp
FR 172.217.20.206:443 encrypted-tbn2.gstatic.com tcp
FR 142.250.179.110:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
FR 172.217.20.206:443 encrypted-tbn2.gstatic.com udp
FR 142.250.179.110:443 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
FR 142.250.179.110:443 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
FR 142.250.75.227:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
FR 142.250.75.227:443 id.google.com udp
US 8.8.8.8:53 227.75.250.142.in-addr.arpa udp
FR 216.58.213.66:443 googleads.g.doubleclick.net udp
FR 142.250.75.230:443 static.doubleclick.net udp
FR 172.217.18.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 archive.org udp
US 207.241.224.2:443 archive.org tcp
US 8.8.8.8:53 archive.org udp
US 8.8.8.8:53 archive.org udp
US 8.8.8.8:53 2.224.241.207.in-addr.arpa udp
US 8.8.8.8:53 polyfill.archive.org udp
US 8.8.8.8:53 analytics.archive.org udp
US 207.241.225.195:443 analytics.archive.org tcp
US 8.8.8.8:53 analytics2.us.archive.org udp
US 207.241.239.241:443 polyfill.archive.org tcp
US 8.8.8.8:53 ux-lb.us.archive.org udp
US 8.8.8.8:53 ux-lb.us.archive.org udp
US 8.8.8.8:53 analytics2.us.archive.org udp
US 8.8.8.8:53 195.225.241.207.in-addr.arpa udp
US 8.8.8.8:53 241.239.241.207.in-addr.arpa udp
US 8.8.8.8:53 cors.archive.org udp
US 207.241.224.2:443 cors.archive.org tcp
US 8.8.8.8:53 archive.org udp
US 8.8.8.8:53 ia601708.us.archive.org udp
US 207.241.227.98:443 ia601708.us.archive.org tcp
US 8.8.8.8:53 ia601708.us.archive.org udp
US 8.8.8.8:53 ia601708.us.archive.org udp
US 8.8.8.8:53 98.227.241.207.in-addr.arpa udp
US 8.8.8.8:53 ia801902.us.archive.org udp
US 207.241.228.102:443 ia801902.us.archive.org tcp
US 8.8.8.8:53 ia801902.us.archive.org udp
US 8.8.8.8:53 ia801902.us.archive.org udp
US 8.8.8.8:53 102.228.241.207.in-addr.arpa udp
US 8.8.8.8:53 ia801708.us.archive.org udp
US 207.241.233.38:443 ia801708.us.archive.org tcp
US 8.8.8.8:53 ia801708.us.archive.org udp
US 8.8.8.8:53 ia801708.us.archive.org udp
US 8.8.8.8:53 38.233.241.207.in-addr.arpa udp
US 207.241.228.102:443 ia801902.us.archive.org tcp
US 8.8.8.8:53 ia601902.us.archive.org udp
US 207.241.227.42:443 ia601902.us.archive.org tcp
US 8.8.8.8:53 ia601902.us.archive.org udp
US 8.8.8.8:53 ia601902.us.archive.org udp
US 8.8.8.8:53 42.227.241.207.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\817eaa46-1c96-4bd7-9466-e7f29810d750

MD5 0ac291f95f76158138d7b4b0a8914ba8
SHA1 7bbac7d7d5baf3a5ffb7294fe2a583c24ab9aa05
SHA256 cc49ee416917a7f1f06ff1402c4df574366449b190f9606b22bb674e0f292001
SHA512 63108ae97ab0c0a836aee92f982b3a7307fb4cf31bfd359c47448edfd01422c1962759d4c8db2afb5d842cb9eb39aff2df6069ceec733dd492bd5437fb4819d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\682385d9-6cbc-4a99-9ad1-64324521f4a8

MD5 c9818d9c2740df3d9f4e15610a8f2446
SHA1 7ee482d0a22bf52cbd1f22b2cb3b50dca5456d90
SHA256 01af04d0bb932df91c73f18d1b90befef6d6f702e48beedd2c387f8b03f9bab8
SHA512 ef537221fb8b781624c83033dd6e9663131b418ec0fcfc41fd0b33bd5935ccbd1b81f4a044cddb23d05e2a91cb711c2a1a844f58318065a016c0860431056976

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 33a0703e461c09fc5810b64accba1dde
SHA1 be273b2a8c03edae470c97645cb3e43a5d79b2dc
SHA256 75ceabc791af5d7c50b3782c4f5e3efc93f32a75afe3929d3e6d8dfd61be97de
SHA512 1cb7e7c46ee1e0006684315adec6b459533a71c440ea3ed952aa4fd905c7021411b1dac5e65c1c4740a00e645640725f37c5f16bfe1a04480b58caaeabc2e370

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e7d901ad03d22078f4c42ecc83c3bd45
SHA1 13ffe2ced2026e6b99c39a96d006c7832a72ba17
SHA256 fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17
SHA512 8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9f33f37ce9395976bc60c4e9f13c9686
SHA1 7d27a065d8f50e3a105fbb08a6dbb1ceb3384c1c
SHA256 ff93cfcc73204fb5d7898c78b4d8a245658d65b595eb9e16dbdf2cf452402fe4
SHA512 499fc036ae46d8dabf02a89e92fbe38226ac1f82373c1c9a5ab2c307b2910e1a4bf575ede2f1e40de0b05c1393c1a8a0b7d97df9a37fece6b70bce432f187bf1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 c104c8585dd560f70a2f733e798292e1
SHA1 247ecae1dac6eed12b520c17e381fc9e80c01950
SHA256 ff880e3d5f702ae8eab8bbe6e817cf92cdd2e38253279cacc9420068dacfcc7c
SHA512 ee9e4e673f45be77b8766d280ae9e98a359d6c8b8ed590d094696da50923243e347787c3188a4000f95a3757c30c76b4f8fe97bebcd2277b63cc6d7a8f339dd6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\14049

MD5 8319bc708a7cf415532bd20d9acd826f
SHA1 f58170c6b5f109ebf3aaaae13d152bb7d84bef77
SHA256 8808890cef09b21e80362c26ec430d7e036a8110f89e074487c44f5406cf0bac
SHA512 5685ce414004f193d1cd678963291f2f5b8a21f04b0b18ef921ecbd12cb9a55965da1c13fcc1c0479086da85cb9d1c22f5d914e5233824eaed2e286fc3291c56

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\8237

MD5 0afea3ce18057b4d4c3f104e62c7b152
SHA1 8614b140d89c709a436e43495f749d08e5a006a0
SHA256 8eb0e8205ad2efac052cebc9e3a3d7b00b422d1bd6827a7025c5564f9899bd93
SHA512 a5ab81127fe12cdc55f784e144816caf6937d4e8fdc9ba27fb94b6ad069a6367cce1c07754bb3c63782ff8135896d3d3983439f0bf3ec004d2c2946036d893d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 909674c5cadcf9315532804fd7a2cadd
SHA1 74889879dc7e498fc4d2b6cfc4aea2e2db108f13
SHA256 812c1d84278d3a119dd1520ef23257cec0250acbf0fff2175407727ab924d650
SHA512 cc900e6f9a6f34d73f6862b43cb0d3c95db88c9c7176aff3d4450d815fce7c0e776efd73d67e7ef4fe0f8fc76bd8ee727e3f27df1eba4b63151fa00a41352a82

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 012b6f3e59e47bd1cfe1c6e32c0a3ad3
SHA1 ac218dab43d42ab6aee0a00019556ed2d0663b22
SHA256 ab201fafc7a476b83220fc939392795b888b884ae32f2cc78be236b58aaee8c4
SHA512 f6bc86dd55dd7fccd50b01aea180a88a985bd1b2d65fb711d978e015ff34fc28da920fd7905e40de4a2f5d18cb5ef47863826a7be5334373f2b438da73369bad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5c565def0a817c9300bcb5d3e6710e7b
SHA1 1b4c10f832a9c3bd3f611fb2a3316f30d0373298
SHA256 d8382a485213d882ed86e096ff19fbc30355c58792af7016a0f4fc8a1baffc7c
SHA512 76da9144456e4653fbf133f149d600f29c637a21a5252ae4c8e41d976f6d88c5f68a67f5142883f75c890731233887d5d786b6a0721d9b8649243c6e4162058e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\89FA4208C0AB794E8B089D482CAFD64D171440F6

MD5 742f09e37274f4edc334f4c89b6fd3c5
SHA1 6bfa90fde017420604f559b4e1a1fe8f13faee88
SHA256 ad48f16626ad62641a5a580d97cad8fced5afb74242915a7a1544342d126e0e5
SHA512 059f8a82961cf3516186f4e67e766898a76aa73496a9ba5ba8b5d6eb447be91227b59bdf64a570a1d06017bb676527b559004eac641cafcba617f8a37b9a2aaf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\11744

MD5 f6d166e4303716902bace575da787122
SHA1 a0ab1473e9ede59a7b753c588110f59e9636379a
SHA256 f1b9c4cf0dfa9aead2273d3b4aca0a9a5f264072ea4e0562ee7c239e5e4b7978
SHA512 1e9d46254f1e274156e373441e5a233cc78ad7a1f1b0cbd6467426d0bae8860199cf0b1475eb35278e642e296de32689957c62d90e03b794d25024cbfc5e967d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\32695

MD5 d4342fad406d00647ee4450b45e82e13
SHA1 b4f4b710cd1913db7f2415aa0416a946410df7e6
SHA256 00b0650cdc103d04efda35433c95ddc26d6dd93e9edec241d66ce461153fb452
SHA512 93f269bf34efaec6a9472d5ae1bc5b449fa659c3ea25c2c1789efde6f3c08dbdcf352b37f1b04146bfba02c49d2662194827ad771810c8d1f4980a9d41ca1a8c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\1544

MD5 37e83a7d21441359f1b0946f03c5ca63
SHA1 1a358a849ffe30069d4d0dc3c94938ae7b7cd7ac
SHA256 bd5fd622b42295bf208f9d52eabd02d2892be9e3321b817c2ab8e3f08e1b7a10
SHA512 a791e35ac65824a4e5c39c9e14448545ab5693dcbd6ed7ac32473e52dfa9c0166f1a8f6afdff2eb6491e9ac70356279b6650a96b97966630ac8f20f27f7448d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8eb34f5f1b9a53a61527e816a84ac2a3
SHA1 b82abd42655d64c1c98759bdad2c59dded02517e
SHA256 2a12b52553ab3449d04adfa9806c391af79e4731e5939e57e41a4653610bea6f
SHA512 6758a6ca484eaf946714a54f0aa652258219e63c44f30bf19fbee822d5fa25ff0464731968a9e7fe20973dccf93c97e5117e3a77c8494cbec387d131fa16c671

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++archive.org\idb\2493130302____btrsoewts_esrf.sqlite

MD5 60244d9c9aabaf523e00ba2971f38bb0
SHA1 477daaa0f91947d75a2e96b20558ecb590c06ab9
SHA256 75d4c2a4d8a3c1bd6f9e10ef0e01e0f06b0b1d10680f7e13a3fc63e12ededbb0
SHA512 c963082d6f817430561d9daae27b0a86c18671d716486908e04c62451e368ef99ab48c60548451442055336141b5e2e64f0b6fc279d73aff3730f2e4041b88b2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

MD5 0979e5d86069331632968d1d64521363
SHA1 e1be18e99060d09b0e89b61263c836203435c710
SHA256 23e01bc769bf99ff451bff7d425c5fa0be281f254259ae33306332089f4dadeb
SHA512 823432fceebb1bf732b9e2ebcc36c8dca273a3d286e53191d35ae05e57a7ef8ed0f4e5800696ac5e919b300ecc8b6889b7786240cc877dc5fd8ea44d7faf9e4b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 25ffd9061f183e5b1602934f2311d162
SHA1 a6ca907baba03d5566ee33f6c15da252ea7001d4
SHA256 978e94aecfa0c2d337048ad920ca85b4833aed00b4d079e7d906f59d3a14284e
SHA512 f97e0c2eb0553633b261bea6ee9781a62931ffd231195145406a9d0b06989e8358f1ebef22ec11f38412c6bde25afacfa32b914ddddd657c9b38c86163f11919

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\7739

MD5 b2e3ca91e96424a3149b9808fdf7a7ec
SHA1 96724b6ee98a7a184e7f62eb2f190c16d23c1645
SHA256 bf1150602d3119b3db929022dbe94d043118adb4dc75c55299b5a64ca8ba994e
SHA512 adb73a8e9c2a01901cddb72a8073b0184e68890a0f658c35e63848ae4eba81e391e13f18928238a9b5a9bb2712cde251613143d8072a790b72353f92e2d6ff78

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21521

MD5 776c9bb09c2990df6d1eeec78d1361a3
SHA1 543fdb3072ff33500692b1191ad6b2f98d788d8d
SHA256 ba4d7b1338f40949d90dca7c25123621d4fabbca322db4e4635f052b2f771a90
SHA512 5b282c53809d9237a5477cbc8599c56eec317880a0f870f7854c25ee5beabdf85df93fbe9301713ca68c3707e559035c5a9c9a6eec1475538a8a1e247f2963c6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\3544415070LCo7g%sCD7a%t6a5baa3s.sqlite

MD5 60599fc22b52e1b46887d8898208c46f
SHA1 01177d1440dbac1ec3675edf68f77e32cdeac6fe
SHA256 04b154c59dbf2f137951366a6c11aa045cd1362d436044ffedcc20f51f0dfad9
SHA512 2c7c107ee041c6bc15a1363d8d23a38c7d486f2c6d4f1da44513fe7022bab9ea5fac8bc2b33f4c33d8a1efbba5135247b7377cf304a6117f03096fd987cbeaef

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4773260177733430020dd7bd4fb2d2b9
SHA1 2cb81bc032cb004edd675a510ef015ac91a30546
SHA256 b12d401c2de66fbde4c423d5c7ea0cff2eeae06c609a142c4516513241897022
SHA512 b775b619a6af6b4ee6b51f9da8afd2d14e64d81581b57412b762e2ba0558bb05071fd171161409cf2cfb3295c78664a517bda3066648edcb66c0a0e9f6fad0d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 de86d7a0a3040914285ef1272cbc4c2f
SHA1 a89e9fb2d47aec14f05a71a4742909897fab252f
SHA256 1d8bf9046931a0d29d3671c8b62d3b7a72921c624e5532a5890503a471d47c78
SHA512 f2710b5378775300512cf4ad851e9c841f31f0c1ec1da6bf821376749c81284f400a4e55bea421f96b7962dcdf0d054ea044e462fb1f621881514595fae65dc0

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 09:31

Reported

2024-05-29 09:33

Platform

win10-20240404-en

Max time kernel

132s

Max time network

136s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\nazimod-runtime.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\nazimod-runtime.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 26.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
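
The Network tables in both behavioral analyses list raw rows without separating the process's own connections from resolver activity. The helper below is an added example, not part of the original report or of the sandbox's own tooling. It parses rows in the report's "Country Destination Domain Proto" layout (the embedded sample rows are copied from the behavioral1 and behavioral2 tables above), separates TCP connections from forward DNS queries and reverse-DNS (PTR) lookups, and lists PTR targets that never appear as a connection destination. For behavioral2, where rundll32.exe called the DLL's ordinal-1 export, the table holds only four PTR lookups and no connection at all; a PTR row by itself does not show the process contacted that address, since the sandbox resolver may have looked it up for unrelated background traffic, so those four addresses should be compared against a clean-run baseline before being read as beaconing.

```python
"""Triage helper for the sandbox 'Network' tables above.

Added example, not part of the original report. It parses rows in the
report's "Country Destination Domain Proto" layout, separates real
connections from forward DNS queries and reverse-DNS (PTR) lookups, and
lists PTR targets that never appear as a connection destination.
"""
import ipaddress

# Constructed sample: a subset of the behavioral1 rows, copied from the report.
BEHAVIORAL1 = """\
Country Destination Domain Proto
US 207.241.227.98:443 ia601708.us.archive.org tcp
US 8.8.8.8:53 archive.org udp
US 8.8.8.8:53 98.227.241.207.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp
"""

# Constructed sample: the complete behavioral2 table, copied from the report.
BEHAVIORAL2 = """\
Country Destination Domain Proto
US 8.8.8.8:53 26.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
"""


def parse_rows(text):
    """Parse 'CC ip:port domain proto' rows; the header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue  # header line, or a destination without a port
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def ptr_target(domain):
    """Return the IPv4 address a reverse-DNS name asks about, or None if it is not a PTR name."""
    suffix = ".in-addr.arpa"
    if not domain.endswith(suffix):
        return None
    octets = domain[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        # PTR names carry the octets in reverse order.
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def summarize(rows):
    """Bucket rows into connections, forward DNS queries and PTR lookups."""
    summary = {"connections": {}, "forward_dns": set(), "ptr_lookups": {}}
    for r in rows:
        target = ptr_target(r["domain"])
        if target is not None:
            summary["ptr_lookups"][target] = r["domain"]
        elif r["proto"] == "udp" and r["port"] == 53:
            summary["forward_dns"].add(r["domain"])
        else:
            key = (r["ip"], r["port"])
            summary["connections"].setdefault(key, set()).add(r["domain"])
    return summary


def unexplained_ptr_targets(summary):
    """PTR targets with no matching connection row, in address order.

    A PTR lookup alone does not show the process reached that address: the
    sandbox resolver may have looked it up for unrelated background traffic.
    When a run has no connections at all (behavioral2), these are the only
    addresses in the table and deserve a manual check before being dismissed.
    """
    connected = {ip for ip, _ in summary["connections"]}
    return sorted((ip for ip in summary["ptr_lookups"] if ip not in connected),
                  key=ipaddress.IPv4Address)


if __name__ == "__main__":
    for name, table in (("behavioral1", BEHAVIORAL1), ("behavioral2", BEHAVIORAL2)):
        s = summarize(parse_rows(table))
        print(name, "connections:", sorted(s["connections"]),
              "forward DNS:", sorted(s["forward_dns"]),
              "PTR without connection:", unexplained_ptr_targets(s))
```

Run against the behavioral1 sample, the three PTR rows resolve to hosts the browser actually connected to and only 104.208.16.95 is left unexplained; against behavioral2, every row is a PTR lookup and nothing connected, which is what a loader that never reached its next stage during the 136 s network window would also look like.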

Files

N/A