Analysis Overview
SHA256
da76319054ad7b1c8fc699e3c76a502fa3f8bef7e163246fc458c4b85e0a9791
Threat Level: Shows suspicious behavior
The file unpacked_nyxia external.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Themida packer
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-09 13:03
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 13:03
Reported
2024-06-09 13:05
Platform
win7-20240419-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\unpacked_nyxia external.exe
"C:\Users\Admin\AppData\Local\Temp\unpacked_nyxia external.exe"
Network
Files
memory/992-0-0x0000000000010000-0x0000000000913000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-09 13:03
Reported
2024-06-09 13:05
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\unpacked_nyxia external.exe
"C:\Users\Admin\AppData\Local\Temp\unpacked_nyxia external.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\cwwwvr.exe
"C:\Windows\System32\cwwwvr.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.0.1618279138\1995101521" -parentBuildID 20230214051806 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83874f03-3d5f-491f-9bdb-19863959a989} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 1868 1be66822e58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.1.1931682563\1678739816" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16c067bc-2ae0-4ce9-8399-8be15ec0af0a} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 2436 1be59a8a558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.2.1845451549\208478995" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f184afe2-c424-406a-b71a-d285f86ff6b9} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 2988 1be691fa358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.3.2102059623\220229722" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb4ebc52-c126-410f-afc8-148df1314fbe} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 3688 1be6b2fb658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.4.598180449\890486150" -childID 3 -isForBrowser -prefsHandle 5324 -prefMapHandle 5348 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac06749d-8708-421e-ad6a-4bbfefa135a1} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5316 1be59a81c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.5.773538758\1349275086" -childID 4 -isForBrowser -prefsHandle 5308 -prefMapHandle 5304 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91538610-234c-4a87-a09f-c9700bb5a099} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5352 1be6d267b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.6.849896036\314512441" -childID 5 -isForBrowser -prefsHandle 5696 -prefMapHandle 5704 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4376c2c1-e5b0-4ba5-9662-663942e18850} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5468 1be6e849d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.7.1315622181\369309634" -childID 6 -isForBrowser -prefsHandle 6036 -prefMapHandle 6004 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d730604-8d48-46d7-8d92-ddd0adfa9aea} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5988 1be6f817758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.8.432312358\1425516546" -parentBuildID 20230214051806 -prefsHandle 6340 -prefMapHandle 6336 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef79670e-c7f8-4242-8f8d-9f587dbf8b31} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 6328 1be7022f358 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.9.1298753175\1158212471" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6352 -prefMapHandle 6348 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f6188ba-c021-48ca-954c-7032959f8be8} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 6360 1be7022ed58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.10.1902932865\1831675887" -childID 7 -isForBrowser -prefsHandle 6688 -prefMapHandle 6644 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {414e36c3-e725-466f-bd7e-9bfb928d81a0} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 6708 1be70489058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.11.618048745\110735992" -childID 8 -isForBrowser -prefsHandle 6844 -prefMapHandle 6848 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81e925c5-f088-4ef2-ace5-a64aad6807b1} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 6832 1be70489958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.12.1087155778\1034340124" -childID 9 -isForBrowser -prefsHandle 9272 -prefMapHandle 9276 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a1aa05b-6cdb-4f6c-b9ae-4d49df3a696f} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 10616 1be69152e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.13.905353234\1328801006" -childID 10 -isForBrowser -prefsHandle 10580 -prefMapHandle 10584 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a92be190-c552-4bc8-b5b3-cfda97a59d9a} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 10576 1be65824058 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| N/A | 127.0.0.1:51733 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 44.232.194.163:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:51740 | tcp | |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 163.194.232.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| FR | 172.217.20.206:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | udp |
| FR | 172.217.20.206:443 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 172.217.18.214:443 | i.ytimg.com | tcp |
| FR | 172.217.18.214:443 | i.ytimg.com | tcp |
| FR | 172.217.18.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 172.217.18.214:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| FR | 216.58.213.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 142.250.75.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 142.250.75.230:443 | static.doubleclick.net | udp |
| FR | 216.58.213.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 172.217.20.195:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| FR | 172.217.20.195:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 66.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| FR | 142.250.201.163:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| FR | 142.250.201.163:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 163.201.250.142.in-addr.arpa | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 142.250.178.142:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 142.250.178.142:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
Files
memory/216-0-0x00007FF7010C0000-0x00007FF7019C3000-memory.dmp
memory/3044-1-0x0000020122870000-0x0000020122871000-memory.dmp
memory/3044-3-0x0000020122870000-0x0000020122871000-memory.dmp
memory/3044-2-0x0000020122870000-0x0000020122871000-memory.dmp
memory/3044-13-0x0000020122870000-0x0000020122871000-memory.dmp
memory/3044-12-0x0000020122870000-0x0000020122871000-memory.dmp
memory/3044-11-0x0000020122870000-0x0000020122871000-memory.dmp
memory/3044-10-0x0000020122870000-0x0000020122871000-memory.dmp
memory/3044-9-0x0000020122870000-0x0000020122871000-memory.dmp
memory/3044-8-0x0000020122870000-0x0000020122871000-memory.dmp
memory/3044-7-0x0000020122870000-0x0000020122871000-memory.dmp
memory/216-14-0x00007FF7010C0000-0x00007FF7019C3000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | ca1b1d624e53b11b79f73ea62b9a630d |
| SHA1 | 3f950fd5cae61781b711d8af6382505fc5fda237 |
| SHA256 | 7f081c3c6947a24ebefa41a535cf3c15d6f4dc95078c5c71828e1e33f1f94924 |
| SHA512 | fd23540fffa846707b72d196fc5c0523991096e93cd114820f9e6734d7bd06e0513822ce6a4bfda7c9afc4d4e379871518bd825bbd0b322e1f322f654fd7ac39 |
memory/4612-54-0x0000000000CA0000-0x000000000142E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | cbfc586854ed4bd21d1ac07a78134b21 |
| SHA1 | 6671507dfce4c4ee0cd9d9eba6c26a843fa86e4b |
| SHA256 | 3792c17d38b53d145ffad4e9c04121b280df47b99dea15b54a65affbc0984e47 |
| SHA512 | 0afca716c13c183c54987cd780765492791c8a9518867b9fed19a440887e4bcb67f2164e7e4438aa7c718dfd846fc89fe380ba9ea55d1fd50a1497d4ee09d5ad |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f497a6882bea63ad7c3e9a58fbffe954 |
| SHA1 | a65b515d72a2b5e71dcbf0b9be6fdeba4ad81c32 |
| SHA256 | f445fff96ae707e0eed3bad565817df776f45ff82465f5a6adafab582e9a065b |
| SHA512 | d1d8d7a0b3e06686795486d2d6bde1d6baa00438c6ae1e939225a7046a35f3763d68bf3547b9253cb75c90a7f30514837c8ae1bcfad620f6d74543e9f583ee0e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\storage\default\https+++www.virustotal.com\cache\morgue\251\{33bbb7c1-12ee-43ce-9040-b8c35a9b4ffb}.final
| MD5 | 121e79cc5fbb7ee61a78e3446d3edb9c |
| SHA1 | 66b66e421a106f2f664647159a1e76d2060d8e14 |
| SHA256 | 02a7e906c91be6096280f1f8625776d7d29ca23642ba63203f1fbb0bc6bf600a |
| SHA512 | f6bfa4eafe160d42714f63867910d7c7a632c1f96b8996c65d4b1f3ce62e22ca38ba07abe2dff5f16b204ad552bd734a9445486d9f8a048e1332ba767067a5ed |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\15247
| MD5 | b41020485dd72007dc5f7d9f0b7743ae |
| SHA1 | 5c98124701eb61810143cb9257d4d7dbf3fa4b34 |
| SHA256 | 2e09bccce0f0b181ac6a5f85f37115a9da3852be60723c9077c6a70c5292f882 |
| SHA512 | 431b00df62ae2cc2bb1d9e07106b4b63e5bc7fd4ab7a92564ca7da6f9175e932c6f231b7b40432173a17642ef05ce819f20ca96a7943257721b079b3b35ab374 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 498dc09b73716563be2cc9ba36734812 |
| SHA1 | a21c00b08e879849dc76da3fa835d4151a00d725 |
| SHA256 | 1bb25345b8a2db87536f59f01d07372ff76caac7c7cf718c88330f4c96660adb |
| SHA512 | 66c832215124cfb176d04777b5f78fca4a368f10043d1ef56d6a112b3948d4f876d4cacfd4aced466352e0626e155ff4ea171aa147360bef58016e300119bcd3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
| MD5 | 6e1dd3b254cc3ba54724fba7a72e482e |
| SHA1 | 32b3de9fdcedf90bf8764db9836f92c3d49f6ce4 |
| SHA256 | f1e939d8bd17733c1124c805cee7394e8b580c950c289fbe71cf4ebcccbdc8d8 |
| SHA512 | 003bf4c8d096c1ba87cbe1789aa5d427169de7f733f636788e354b6807f7ffd9afea2d36f28337870faaab177dd98d17ef4ce747c5ef1743051ec78bb5922d88 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7aa96de8048526d39d9d9a9f60adbca2 |
| SHA1 | 653ddda84e3eb74c7f52c6128eabdc9f583af4a4 |
| SHA256 | 3e6cc18513468ab0323a223f6f344bce287457c1ac036c1b4fd2b7d04629bcbc |
| SHA512 | 4ce5ea7be287f3f3ae5291c033a544b12330f13f7c581808f493995a88d602dba14a77400e603a147a12ff61cfa2c049467eb4ba02c38b363d3dbf9ea043dccd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d21f7457c41e0fa8a31b4e7cb0a1ecce |
| SHA1 | 59b44b834b9bdfd190cc224f7f766e2ee31de9e9 |
| SHA256 | 070af4db420713ff3554551e72ae7ea370d1ba8dab912380b14b266e30df3270 |
| SHA512 | d5fd0defd5118dedbd63005014e3787fb560da9019e9a7fe18a271bba29dd1fafa357d1a210fee5b893db57854f9516a1a1233d820fd5342bb1f4cc8d5d1e9f4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | faba4ef6697889bb782ba3ed9fa4a657 |
| SHA1 | 6d5c8f5b13d02351584998eb1df2955250f79890 |
| SHA256 | d67e4d98ff250089e29b13dfe9cdbc54f6f5324ea5718b7fbe0f74110b740258 |
| SHA512 | d1b2aac3ff12eb077a600ab5c8a3038d43752fe1b444ec3f774a538d889d8469eeed1ef83f01e38377857ab4dd7a5f61b5a58db6a518aa0d4b5d8e66232ac4a5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | cb72f171572bb08af28f2d57e0bd1384 |
| SHA1 | 68767f87787bcfc6ddd3441e21c284e7874c5d1b |
| SHA256 | a7ce3f789cb25b417f94ea72c6920c41a767571837a514eed93cd873e02ce434 |
| SHA512 | 4c80b051b5c1114c3ce21946d5e3878021f1cbc7beb0dd06006c5ae27bd478d5dcabdaab263df524606fb889a79fc7330090646f6860f2566b3a8b0a0ba70ec1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 03d00727fc17f5fc32eabefc84cafd19 |
| SHA1 | b74fd51878d42f3a8b351e8c85def0f30a85f509 |
| SHA256 | c4700134b17017830da18d91154a7c29129a92c4ceb2161d0a6d20cc9275db5a |
| SHA512 | 9fe1a161ee6e36259da6d05b7c490049ed5ac5616549d7481aa837a61c6516c67921c629c3dc782ab179c5ff6054ed6394f7613454404e4d4bb2be2044bc03d3 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
| MD5 | 799977b715bf2e910364ee4306d181f9 |
| SHA1 | 483d5b3cf8f427fca053f32fe9211c51d23e3ee5 |
| SHA256 | 003914ce614d50c9f3583a8f9fa1ef2cf64a5729494d7556f96b4bea7af44cf3 |
| SHA512 | d6719043bcfa824e38f3028c880763e99bdbdc2832fa9044a7fcd8fd0f5cc6d530adfe0263fa2abe122109b83ffd965a0af325782100b5792b5b762986ff8527 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
| MD5 | 00da74decc3322f7bae24787b2f97eb5 |
| SHA1 | d84423c0fd5afc6b6349371b32d7aa4116373c6b |
| SHA256 | a07f0df5480c2fec504033108b5b69b6a4ec113a69ed5deca4b772971dd613e3 |
| SHA512 | b25fcac385cad3bfc651817837253654b8b5a709b684d474f4b18d9e53cf0bfacce517d4c6d13072f74639f03aa056b223d760f5b9c519fb31590890b54b3459 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |