Analysis Overview
SHA256
75240b9609c102dbec6d1ada163a1bfdfe156f55dd21c5e614b3a60722d61929
Threat Level: Known bad
The file #!SetUp_14807--!PassW0rdz#$$.zip was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Loads dropped DLL
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Unsigned PE
Program crash
Enumerates physical storage devices
Checks processor information in registry
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: AddClipboardFormatListener
NTFS ADS
Modifies registry class
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-05 06:28
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral12
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240704-en
Max time kernel
125s
Max time network
131s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\Extreme.Net.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4104,i,15168044379859864039,3380316340477469860,262144 --variations-seed-version --mojo-platform-channel-handle=3844 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10-20240404-en
Max time kernel
133s
Max time network
139s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debugs\Newtonsoft.Json.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.197.79.40.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10-20240404-en
Max time kernel
134s
Max time network
142s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\caret.xls"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.32.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| NL | 52.109.89.19:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 19.89.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.16.208.104.in-addr.arpa | udp |
Files
memory/3484-3-0x00007FFC03F40000-0x00007FFC03F50000-memory.dmp
memory/3484-2-0x00007FFC03F40000-0x00007FFC03F50000-memory.dmp
memory/3484-1-0x00007FFC03F40000-0x00007FFC03F50000-memory.dmp
memory/3484-0-0x00007FFC03F40000-0x00007FFC03F50000-memory.dmp
memory/3484-4-0x00007FFC43F55000-0x00007FFC43F56000-memory.dmp
memory/3484-7-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-8-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-9-0x00007FFC00650000-0x00007FFC00660000-memory.dmp
memory/3484-10-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-11-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-12-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-13-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-15-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-14-0x00007FFC00650000-0x00007FFC00660000-memory.dmp
memory/3484-17-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-19-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-21-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-23-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-22-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-20-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-18-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-16-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-24-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-25-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-28-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-27-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-26-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-29-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-39-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-156-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-157-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-185-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
memory/3484-225-0x00007FFC03F40000-0x00007FFC03F50000-memory.dmp
memory/3484-226-0x00007FFC03F40000-0x00007FFC03F50000-memory.dmp
memory/3484-227-0x00007FFC03F40000-0x00007FFC03F50000-memory.dmp
memory/3484-224-0x00007FFC03F40000-0x00007FFC03F50000-memory.dmp
memory/3484-228-0x00007FFC43EB0000-0x00007FFC4408B000-memory.dmp
Analysis: behavioral22
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240508-en
Max time kernel
105s
Max time network
116s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\caret.xls"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| US | 52.111.229.43:443 | | tcp |
Files
memory/3124-5-0x00007FFF32490000-0x00007FFF324A0000-memory.dmp
memory/3124-9-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-10-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-15-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-19-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-21-0x00007FFF2FB90000-0x00007FFF2FBA0000-memory.dmp
memory/3124-23-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-22-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-20-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-18-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-17-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-16-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-14-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-13-0x00007FFF2FB90000-0x00007FFF2FBA0000-memory.dmp
memory/3124-12-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-11-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-8-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-7-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-6-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-4-0x00007FFF32490000-0x00007FFF324A0000-memory.dmp
memory/3124-3-0x00007FFF724AD000-0x00007FFF724AE000-memory.dmp
memory/3124-2-0x00007FFF32490000-0x00007FFF324A0000-memory.dmp
memory/3124-1-0x00007FFF32490000-0x00007FFF324A0000-memory.dmp
memory/3124-0-0x00007FFF32490000-0x00007FFF324A0000-memory.dmp
memory/3124-31-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
memory/3124-44-0x00007FFF32490000-0x00007FFF324A0000-memory.dmp
memory/3124-45-0x00007FFF32490000-0x00007FFF324A0000-memory.dmp
memory/3124-47-0x00007FFF32490000-0x00007FFF324A0000-memory.dmp
memory/3124-46-0x00007FFF32490000-0x00007FFF324A0000-memory.dmp
memory/3124-48-0x00007FFF72410000-0x00007FFF72605000-memory.dmp
Analysis: behavioral26
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240704-en
Max time kernel
131s
Max time network
134s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.asp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4356,i,3027467512973953085,11878940668304988630,262144 --variations-seed-version --mojo-platform-channel-handle=1032 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240704-en
Max time kernel
91s
Max time network
125s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\ErrorLog\DirectoryMonitor_[1MB]_[1].exe
"C:\Users\Admin\AppData\Local\Temp\ErrorLog\DirectoryMonitor_[1MB]_[1].exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
memory/3132-1-0x0000000000B20000-0x0000000000D10000-memory.dmp
memory/3132-0-0x00007FFB1AAA3000-0x00007FFB1AAA5000-memory.dmp
Analysis: behavioral19
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10-20240404-en
Max time kernel
149s
Max time network
138s
Command Line
Signatures
Lumma Stealer
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4868 set thread context of 3216 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Windows\SysWOW64\more.com |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\SearchIndexer.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4868 wrote to memory of 3216 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 4868 wrote to memory of 3216 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 4868 wrote to memory of 3216 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 4868 wrote to memory of 3216 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 3216 wrote to memory of 3024 | N/A | C:\Windows\SysWOW64\more.com | C:\Windows\SysWOW64\SearchIndexer.exe |
| PID 3216 wrote to memory of 3024 | N/A | C:\Windows\SysWOW64\more.com | C:\Windows\SysWOW64\SearchIndexer.exe |
| PID 3216 wrote to memory of 3024 | N/A | C:\Windows\SysWOW64\more.com | C:\Windows\SysWOW64\SearchIndexer.exe |
| PID 3216 wrote to memory of 3024 | N/A | C:\Windows\SysWOW64\more.com | C:\Windows\SysWOW64\SearchIndexer.exe |
| PID 3216 wrote to memory of 3024 | N/A | C:\Windows\SysWOW64\more.com | C:\Windows\SysWOW64\SearchIndexer.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 1252
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | unwielldyzpwo.shop | udp |
| US | 172.67.158.68:443 | unwielldyzpwo.shop | tcp |
| US | 172.67.158.68:443 | unwielldyzpwo.shop | tcp |
| US | 172.67.158.68:443 | unwielldyzpwo.shop | tcp |
| US | 8.8.8.8:53 | 68.158.67.172.in-addr.arpa | udp |
| US | 172.67.158.68:443 | unwielldyzpwo.shop | tcp |
| US | 172.67.158.68:443 | unwielldyzpwo.shop | tcp |
| US | 8.8.8.8:53 | downloadfile123.xyz | udp |
| US | 8.8.8.8:53 | 26.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
memory/4868-2-0x00007FFE37670000-0x00007FFE3770B000-memory.dmp
memory/4868-6-0x00007FFE37688000-0x00007FFE37689000-memory.dmp
memory/4868-7-0x00007FFE37670000-0x00007FFE3770B000-memory.dmp
memory/4868-8-0x00007FFE37670000-0x00007FFE3770B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d878db92
| MD5 | 8e13711f88bde12eb76f7943879d3fe6 |
| SHA1 | cf62cf776adfa0b475103d99f203565c2833efb9 |
| SHA256 | 2f6edcf39bf9fd4741e63ebe95f658c4b68f68c8d921245faaed4d3b5ef62b53 |
| SHA512 | f112120b317265216ec7654c1ce40318b7f2a3c05ce5ffa158b2f297a3bb5748a37d77e77c79998464db585be682f76349c914f6bbb0318e0d8e6adae69d0250 |
memory/3216-12-0x00007FFE40490000-0x00007FFE4066B000-memory.dmp
memory/3216-13-0x00000000745B0000-0x0000000074645000-memory.dmp
memory/3216-15-0x00000000745B0000-0x0000000074645000-memory.dmp
memory/3216-14-0x00000000745BE000-0x00000000745C0000-memory.dmp
memory/3216-17-0x00000000745B0000-0x0000000074645000-memory.dmp
memory/3024-18-0x00007FFE40490000-0x00007FFE4066B000-memory.dmp
memory/3024-19-0x0000000000C20000-0x0000000000C78000-memory.dmp
memory/3024-20-0x0000000000C20000-0x0000000000C78000-memory.dmp
memory/3216-21-0x00000000745BE000-0x00000000745C0000-memory.dmp
memory/3024-22-0x0000000000C20000-0x0000000000C78000-memory.dmp
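The pair of signatures above (repeated WriteProcessMemory from Setup.exe into a freshly started more.com, then SetThreadContext on the same target, then more.com writing into SearchIndexer.exe) is the footprint of process hollowing / thread-context injection: a user-dropped binary stages its payload inside Windows-signed binaries. The following detection logic is an added example and is not part of the sandbox report. Its event records are constructed from the signature rows of behavioral19 and behavioral17 ("PID 4868 wrote to memory of 3216", "PID 4868 set thread context of 3216"); the field names, the user-writable/system-directory heuristic and the severity labels are assumptions for illustration.

```python
"""Flag the injection chain recorded in behavioral19: Setup.exe -> more.com -> SearchIndexer.exe.

Added example, not part of the sandbox report. Event records are constructed
from the report's signature rows; field names and heuristics are assumptions.
"""
import re
from collections import defaultdict

# Heuristic (assumption): a source image under a user-writable profile path that
# manipulates a process in a Windows system directory is the suspicious combination.
USER_WRITABLE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
SYSTEM_DIR = re.compile(r"^C:\\Windows\\(SysWOW64|System32)\\", re.IGNORECASE)
HOLLOWING_APIS = {"WriteProcessMemory", "SetThreadContext"}

SETUP = r"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
MORE = r"C:\Windows\SysWOW64\more.com"
INDEXER = r"C:\Windows\SysWOW64\SearchIndexer.exe"
RUNDLL64 = r"C:\Windows\system32\rundll32.exe"
RUNDLL32 = r"C:\Windows\SysWOW64\rundll32.exe"


def _ev(api, src_pid, src, dst_pid, dst):
    return {"api": api, "src_pid": src_pid, "src": src, "dst_pid": dst_pid, "dst": dst}


# Constructed to mirror behavioral19 (4 writes + 1 SetThreadContext into more.com,
# 5 writes from more.com into SearchIndexer.exe) and behavioral17 (the 64-bit
# rundll32 writing into the SysWOW64 rundll32 it relaunched for a 32-bit DLL).
EVENTS = (
    [_ev("WriteProcessMemory", 4868, SETUP, 3216, MORE) for _ in range(4)]
    + [_ev("SetThreadContext", 4868, SETUP, 3216, MORE)]
    + [_ev("WriteProcessMemory", 3216, MORE, 3024, INDEXER) for _ in range(5)]
    + [_ev("WriteProcessMemory", 2692, RUNDLL64, 3508, RUNDLL32) for _ in range(3)]
)


def pair_summary(events):
    """Collapse repeated rows into one record per (src_pid, dst_pid) pair."""
    pairs = {}
    for e in events:
        key = (e["src_pid"], e["dst_pid"])
        rec = pairs.setdefault(key, {"src": e["src"], "dst": e["dst"], "apis": set(), "count": 0})
        rec["apis"].add(e["api"])
        rec["count"] += 1
    return pairs


def severity(rec):
    """Rank a source->target pair by what was done to the target."""
    if HOLLOWING_APIS <= rec["apis"]:
        return "high"    # memory write followed by thread-context rewrite: hollowing/hijack
    if USER_WRITABLE.search(rec["src"]) and SYSTEM_DIR.search(rec["dst"]):
        return "medium"  # user-dropped binary reaching into a Windows binary
    return "low"         # e.g. a system parent writing into the child it just spawned


def flag_injections(events):
    return {key: dict(rec, severity=severity(rec)) for key, rec in pair_summary(events).items()}


def injection_chains(events):
    """Walk write edges outward from each high/medium pair whose source was never itself
    a target, so a process that was injected into carries its injector's suspicion to
    whatever it writes next (more.com -> SearchIndexer.exe is only 'low' on its own)."""
    flagged = flag_injections(events)
    out_edges = defaultdict(list)
    for (src_pid, dst_pid), rec in flagged.items():
        out_edges[src_pid].append((dst_pid, rec))
    targets = {dst for _, dst in flagged}
    chains = []
    for (src_pid, dst_pid), rec in flagged.items():
        if rec["severity"] not in ("high", "medium") or src_pid in targets:
            continue
        chain, pid, seen = [rec["src"]], src_pid, {src_pid}
        while out_edges.get(pid):
            next_pid, edge = out_edges[pid][0]  # follows the first target only
            if next_pid in seen:
                break
            chain.append(edge["dst"])
            seen.add(next_pid)
            pid = next_pid
        chains.append(chain)
    return chains


if __name__ == "__main__":
    for key, rec in flag_injections(EVENTS).items():
        print(key, rec["severity"], sorted(rec["apis"]), rec["count"])
    for chain in injection_chains(EVENTS):
        print(" -> ".join(chain))
```

The rundll32 pair from behavioral17 lands at "low" because both images live under C:\Windows and only WriteProcessMemory was seen; the crash that follows it (WerFault.exe -u -p 3508) is the 32-bit DLL failing under ordinal #1, not a sign of injection.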
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10-20240404-en
Max time kernel
133s
Max time network
138s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debugs\License.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10-20240404-en
Max time kernel
133s
Max time network
139s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2692 wrote to memory of 3508 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2692 wrote to memory of 3508 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2692 wrote to memory of 3508 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\libgcc_s_dw2-1.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\libgcc_s_dw2-1.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 628
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:33
Platform
win10-20240611-en
Max time kernel
129s
Max time network
138s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\msedge_elf.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 199.232.210.172:80 | | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.116.69.13.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240508-en
Max time kernel
41s
Max time network
48s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debugs\AlphaFS.dll,#1
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10-20240404-en
Max time kernel
133s
Max time network
138s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2520 wrote to memory of 4716 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2520 wrote to memory of 4716 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2520 wrote to memory of 4716 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\libEGL.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\libEGL.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 628
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 26.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240704-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4848 wrote to memory of 2292 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4848 wrote to memory of 2292 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4848 wrote to memory of 2292 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\libgcc_s_dw2-1.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\libgcc_s_dw2-1.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2292 -ip 2292
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 616
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:32
Platform
win10-20240611-en
Max time kernel
129s
Max time network
140s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\ErrorLog\DirectoryMonitor_[1MB]_[1].exe
"C:\Users\Admin\AppData\Local\Temp\ErrorLog\DirectoryMonitor_[1MB]_[1].exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 26.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
memory/2712-0-0x00007FFB83AE3000-0x00007FFB83AE4000-memory.dmp
memory/2712-1-0x0000000000E30000-0x0000000001020000-memory.dmp
memory/2712-2-0x00007FFB83AE3000-0x00007FFB83AE4000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240704-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debugs\VersionStable.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10-20240404-en
Max time kernel
133s
Max time network
148s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debugs\VersionStable.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 26.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.197.79.40.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:33
Platform
win10-20240611-en
Max time kernel
128s
Max time network
138s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\Injecting.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 26.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.116.69.13.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240508-en
Max time kernel
53s
Max time network
67s
Command Line
Signatures
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1856 set thread context of 2880 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Windows\SysWOW64\more.com |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1856 wrote to memory of 2880 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 1856 wrote to memory of 2880 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 1856 wrote to memory of 2880 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 1856 wrote to memory of 2880 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 2880 wrote to memory of 4788 | N/A | C:\Windows\SysWOW64\more.com | C:\Windows\SysWOW64\SearchIndexer.exe |
| PID 2880 wrote to memory of 4788 | N/A | C:\Windows\SysWOW64\more.com | C:\Windows\SysWOW64\SearchIndexer.exe |
| PID 2880 wrote to memory of 4788 | N/A | C:\Windows\SysWOW64\more.com | C:\Windows\SysWOW64\SearchIndexer.exe |
| PID 2880 wrote to memory of 4788 | N/A | C:\Windows\SysWOW64\more.com | C:\Windows\SysWOW64\SearchIndexer.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/1856-0-0x00007FFE6D250000-0x00007FFE6D26C000-memory.dmp
memory/1856-5-0x00007FFE6D250000-0x00007FFE6D26C000-memory.dmp
memory/1856-4-0x00007FFE6D268000-0x00007FFE6D269000-memory.dmp
memory/1856-6-0x00007FFE6D250000-0x00007FFE6D26C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\8f2e1c6c
| MD5 | 00cad6313888c625eabca9bdb7143cd2 |
| SHA1 | 1a2dd69e3b3c6f3f3b529c0e7a3787a69567f42d |
| SHA256 | 62c4a5b16ea157c9c22761306d863966a851105ea24f258fe28096c23eacd698 |
| SHA512 | 8536a70dc0390f9838bda5e4665a4e0a4481d5360d48903f036c1435a62517d603cd25d6e931ce44f1db14da46086dd9ad9a1493be73ecb9282b9ebf22b1d80a |
memory/2880-10-0x00007FFE75C30000-0x00007FFE75E25000-memory.dmp
memory/2880-11-0x00000000755B0000-0x00000000755C4000-memory.dmp
memory/2880-13-0x00000000755B0000-0x00000000755C4000-memory.dmp
memory/2880-12-0x00000000755BE000-0x00000000755C0000-memory.dmp
memory/2880-15-0x00000000755B0000-0x00000000755C4000-memory.dmp
memory/4788-16-0x00007FFE75C30000-0x00007FFE75E25000-memory.dmp
memory/4788-17-0x0000000000C00000-0x0000000000C58000-memory.dmp
memory/4788-20-0x00000000007BB000-0x00000000007C2000-memory.dmp
memory/4788-21-0x0000000000C00000-0x0000000000C58000-memory.dmp
memory/2880-22-0x00000000755BE000-0x00000000755C0000-memory.dmp
Analysis: behavioral24
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240508-en
Max time kernel
79s
Max time network
100s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\msedge_elf.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.43:443 | | tcp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10-20240404-en
Max time kernel
75s
Max time network
80s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.asp
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10-20240611-en
Max time kernel
127s
Max time network
138s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debugs\AlphaFS.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.197.79.40.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240704-en
Max time kernel
93s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debugs\Newtonsoft.Json.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240704-en
Max time kernel
93s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\Injecting.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240704-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4248 wrote to memory of 3232 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4248 wrote to memory of 3232 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4248 wrote to memory of 3232 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\libEGL.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\libEGL.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3232 -ip 3232
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 604
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:31
Platform
win10v2004-20240704-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debugs\License.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-07-05 06:28
Reported
2024-07-05 06:32
Platform
win10-20240404-en
Max time kernel
174s
Max time network
147s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\Extreme.Net.dll,#1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.0.256192670\538984355" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1612 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b35f99a2-8590-4b61-880c-36fd57152f83} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 1780 23a6e8f0e58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.1.180961114\1945428131" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca71ad77-579a-4a21-9b3a-87338ad9087a} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 2136 23a63872b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.2.2087785568\1872984519" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 2920 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da425ef8-7408-469b-bcf8-f6d424ebcecb} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 2936 23a72b9d458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.3.75058371\1274503902" -childID 2 -isForBrowser -prefsHandle 3524 -prefMapHandle 3528 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {588b7a54-64ef-4c4c-8858-74085202e58d} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 3556 23a711e4d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.4.1741440085\1872824567" -childID 3 -isForBrowser -prefsHandle 4384 -prefMapHandle 4376 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16fee4f0-de87-438d-a50e-a8322c386d00} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 4396 23a74e28958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.5.1528660120\794880995" -childID 4 -isForBrowser -prefsHandle 4984 -prefMapHandle 4980 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ee51924-2857-4ee6-9119-7ba88374f0d3} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 4992 23a63865658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.6.1931859016\1908959936" -childID 5 -isForBrowser -prefsHandle 1380 -prefMapHandle 1552 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54dc4cbc-1439-4351-b0c7-aa0dd4b0d0dd} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 5116 23a75384258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.7.786274565\341324183" -childID 6 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb5d4790-1be1-4786-b063-d72d21430f9a} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 5244 23a75384b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.8.1085262786\1446866004" -childID 7 -isForBrowser -prefsHandle 5612 -prefMapHandle 5616 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ca49423-c4fc-4ad4-8e26-815714b460f2} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 5632 23a6eb3b458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.9.1319680788\1298330172" -childID 8 -isForBrowser -prefsHandle 9460 -prefMapHandle 10088 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1392a664-1eb6-4e51-ba6b-0df35821ec4e} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 9444 23a6ebf3558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.10.1064870816\1452692527" -childID 9 -isForBrowser -prefsHandle 9364 -prefMapHandle 9360 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee41d15a-e458-4ec1-bbb4-e0cdd817cfc1} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 9372 23a77bce358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.11.1961872403\381782839" -childID 10 -isForBrowser -prefsHandle 9480 -prefMapHandle 10096 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f5feec7-f0c8-4620-8cfd-b1b362df2d65} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 10060 23a77e0c758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.12.166951869\1846538772" -childID 11 -isForBrowser -prefsHandle 9492 -prefMapHandle 9488 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b26e8928-156d-43c4-b455-2b317f9599a6} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 9288 23a77e0df58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.13.169294894\63820366" -childID 12 -isForBrowser -prefsHandle 9492 -prefMapHandle 9284 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c480144-e5a7-41b0-a82c-6d7a46172017} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 9296 23a7818ee58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.14.1850635965\405547875" -childID 13 -isForBrowser -prefsHandle 9296 -prefMapHandle 8992 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6674cff-67ff-4337-aafe-956d11d4f53f} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 9492 23a78479858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.15.644725712\1453449888" -childID 14 -isForBrowser -prefsHandle 8920 -prefMapHandle 8924 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {311e8701-2156-455a-b94f-4cd5a43883b0} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 8660 23a78458558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.16.1232460903\1468436626" -childID 15 -isForBrowser -prefsHandle 9020 -prefMapHandle 9016 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c913dc27-d2f7-4667-a0fe-fb8bceed30b6} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 8880 23a78541658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.17.361382641\814551459" -childID 16 -isForBrowser -prefsHandle 8360 -prefMapHandle 8356 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb779f7e-73bb-4fe8-8dc5-77295e208b87} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 8368 23a78540458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.18.1844974214\523259513" -childID 17 -isForBrowser -prefsHandle 8176 -prefMapHandle 8164 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00819f11-7772-457c-82c3-ca6866c4e7db} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 8188 23a78455b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.19.1981872973\1651969631" -childID 18 -isForBrowser -prefsHandle 8140 -prefMapHandle 8132 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6845327-c0dd-41b8-98db-a87889468be3} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 8360 23a78039858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.20.423606262\735696949" -childID 19 -isForBrowser -prefsHandle 9020 -prefMapHandle 9024 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4a5d91e-ffcb-4aaf-97a2-23f909a79b89} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 7828 23a78038958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.21.672510966\731739775" -childID 20 -isForBrowser -prefsHandle 7636 -prefMapHandle 9020 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a54b19ea-d1ca-4719-b9e6-175e0b863a9e} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 7644 23a78b05558 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.22.1235135177\1499424435" -childID 21 -isForBrowser -prefsHandle 7376 -prefMapHandle 7284 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b255326-54ab-4791-bc4a-7a875d709841} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 7308 23a70034958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.23.364325266\1305227531" -childID 22 -isForBrowser -prefsHandle 6884 -prefMapHandle 6888 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c06f80b-d768-4a6d-b8c3-5d8d26d7e44d} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 6952 23a7743f558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.24.1488273622\1213081290" -childID 23 -isForBrowser -prefsHandle 6872 -prefMapHandle 6876 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5eb9d9cc-1cd1-4105-8a13-6c1a199bbd10} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 6840 23a77442558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4528.25.89188524\1552483277" -childID 24 -isForBrowser -prefsHandle 6860 -prefMapHandle 6864 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cd7d3b5-b342-416d-a271-af8cb2dd2134} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" 6728 23a77440758 tab
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\" -ad -an -ai#7zMap20380:118:7zEvent25184
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\" -an -ai#7zMap32563:196:7zEvent29477
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pbs.optidigital.com | udp |
| US | 172.67.25.151:443 | boot.pbstck.com | udp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 8.8.8.8:53 | 229.133.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.70.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.30.122.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.22.218.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.50.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.249.132.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | 204.135.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.31.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.72.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.25.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.68.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.pbstck.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 8.8.8.8:53 | rt.ad-score.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | s.trvdp.com | udp |
| US | 8.8.8.8:53 | global.px.quantserve.com | udp |
| US | 104.22.0.93:443 | cdn.pbstck.com | tcp |
| US | 104.22.0.93:443 | cdn.pbstck.com | tcp |
| US | 8.8.8.8:53 | events.browsiprod.com | udp |
| US | 8.8.8.8:53 | yield-manager.browsiprod.com | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 35.208.216.174:443 | rt.ad-score.com | tcp |
| US | 35.208.216.174:443 | rt.ad-score.com | tcp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | s.trvdp.com | udp |
| US | 8.8.8.8:53 | global.px.quantserve.com | udp |
| US | 44.238.202.240:443 | events.browsiprod.com | tcp |
| NL | 18.239.36.122:443 | yield-manager.browsiprod.com | tcp |
| US | 8.8.8.8:53 | boot.pbstck.com | udp |
| US | 8.8.8.8:53 | p.gcprivacy.com | udp |
| US | 8.8.8.8:53 | boot.pbstck.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 34.160.72.119:443 | pbs.optidigital.com | udp |
| US | 8.8.8.8:53 | p.gcprivacy.com | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 104.22.0.93:443 | boot.pbstck.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aggle.net | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 3.33.163.81:443 | aggle.net | tcp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.browsiprod.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.pbstck.com | udp |
| US | 8.8.8.8:53 | cdn.browsiprod.com | udp |
| US | 8.8.8.8:53 | eu5.easyupload.io | udp |
| US | 8.8.8.8:53 | rt.ad-score.com | udp |
| US | 8.8.8.8:53 | cdn.pbstck.com | udp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 172.67.71.25:443 | eu5.easyupload.io | tcp |
| US | 8.8.8.8:53 | rt.ad-score.com | udp |
| US | 8.8.8.8:53 | events.browsiprod.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 104.22.4.69:443 | id.hadron.ad.gt.cdn.cloudflare.net | tcp |
| US | 8.8.8.8:53 | yield-manager.browsiprod.com | udp |
| US | 8.8.8.8:53 | intake.pbstck.com | udp |
| US | 8.8.8.8:53 | events.browsiprod.com | udp |
| US | 8.8.8.8:53 | aggle.net | udp |
| US | 8.8.8.8:53 | yield-manager.browsiprod.com | udp |
| US | 172.67.25.151:443 | intake.pbstck.com | tcp |
| US | 172.67.25.151:443 | intake.pbstck.com | tcp |
| US | 172.67.25.151:443 | intake.pbstck.com | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | aggle.net | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | eu5.easyupload.io | udp |
| US | 8.8.8.8:53 | a.ad.gt.cdn.cloudflare.net | udp |
| US | 172.67.25.151:443 | intake.pbstck.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | eu5.easyupload.io | udp |
| US | 8.8.8.8:53 | a.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | intake.pbstck.com | udp |
| US | 8.8.8.8:53 | intake.pbstck.com | udp |
| US | 8.8.8.8:53 | 122.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.0.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.216.208.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.202.238.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.163.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.71.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 34.120.133.55:443 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| IE | 34.252.172.206:443 | rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com | tcp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 151.101.193.108:443 | acdn.adnxs.com | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| GB | 23.46.72.29:443 | hbx.media.net | tcp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| US | 8.8.8.8:53 | scripts.opti-digital.com | udp |
| US | 104.22.31.209:443 | csync.smilewanted.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| US | 8.8.8.8:53 | prod.appnexus.map.fastly.net | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| GB | 23.46.73.76:443 | eus.rubiconproject.com | tcp |
| GB | 23.36.168.202:443 | ads.pubmatic.com | tcp |
| US | 104.18.2.52:443 | scripts.opti-digital.com | tcp |
| GB | 195.181.164.15:443 | vid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | pixel.33across.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.172.252.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.72.46.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | pixel.33across.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | static.smilewanted.com | udp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 104.22.31.209:443 | static.smilewanted.com | tcp |
| GB | 23.46.72.29:443 | hbx.media.net | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | sync.adtelligent.com | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | scripts.opti-digital.com | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | 1651846316.rsc.cdn77.org | udp |
| GB | 185.83.71.234:443 | sync.adtelligent.com | tcp |
| US | 104.18.2.52:443 | scripts.opti-digital.com | udp |
| US | 8.8.8.8:53 | 1651846316.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | scripts.opti-digital.com | udp |
| US | 8.8.8.8:53 | xandr-prebid.trafficmanager.net | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | static.smilewanted.com | udp |
| US | 8.8.8.8:53 | xandr-prebid.trafficmanager.net | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | tcp |
| NL | 89.149.193.89:443 | sync.smartadserver.com | tcp |
| NL | 185.89.210.244:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | sync-unosync-com.geodns.me | udp |
| US | 8.8.8.8:53 | static.smilewanted.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| US | 8.8.8.8:53 | sync-unosync-com.geodns.me | udp |
| US | 8.8.8.8:53 | rtb-csync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| IE | 54.75.246.78:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | rtb-csync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | us.shb-sync.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | 76.73.46.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.168.36.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.2.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.71.83.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.246.75.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | track-eu.adformnet.akadns.net | udp |
| IE | 52.209.44.234:443 | ap.lijit.com | tcp |
| DK | 37.157.2.228:443 | cm.adform.net | tcp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| NL | 18.239.94.61:443 | s.ad.smaato.net | tcp |
| US | 8.8.8.8:53 | track-eu.adformnet.akadns.net | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | us.shb-sync.com | udp |
| US | 8.8.8.8:53 | us.shb-sync.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 234.44.209.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.2.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.110.2.8.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| IE | 52.50.226.183:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | pbs.optidigital.com | udp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | ssp-sync.nl3.vip.prod.criteo.com | udp |
| NL | 178.250.1.7:443 | ssp-sync.nl3.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | ssp-sync.nl3.vip.prod.criteo.com | udp |
| FR | 178.32.197.53:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ssbsync-euw2.smartadserver.com | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | eu-eb2.3lift.com | udp |
| US | 8.8.8.8:53 | ssbsync-euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | s.adtelligent.com | udp |
| DE | 142.132.249.184:443 | s.adtelligent.com | tcp |
| US | 8.8.8.8:53 | s-vertamedia-com.geodns.me | udp |
| US | 8.8.8.8:53 | s-vertamedia-com.geodns.me | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.226.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.249.132.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 172.64.149.180:443 | cdn.indexww.com | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | vpaid.vidoomy.com | udp |
| US | 172.64.149.180:443 | cdn.indexww.com | tcp |
| GB | 89.187.167.8:443 | vpaid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | 1099493781.rsc.cdn77.org | udp |
| GB | 89.187.167.8:443 | vpaid.vidoomy.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | am6-prebid.a-mx.net | udp |
| US | 8.8.8.8:53 | am6-prebid.a-mx.net | udp |
| US | 8.8.8.8:53 | 1099493781.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | 8.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | assets.a-mo.net.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | imagsync-lhrpairbc.pubmatic.com | udp |
| US | 8.8.8.8:53 | imagsync-lhrpairbc.pubmatic.com | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\58a70c74-6ddd-428c-a600-a31edcf1a610
| MD5 | f6963b25bfaa91f3aa3b5eb471c65dfc |
| SHA1 | 1472a98fe9cf7e3ef94413dc0c5262e9511c9a98 |
| SHA256 | 79d340443ed78a1e1f49dfc1d07030a714cdeecb2a081cc86fa1179ce15fccfe |
| SHA512 | 25c3bab648e855834282a2533afbcac390b87718b80602df112fffaeb0b9c17d72447d609e1c4258bbd3380d5bd64b4ffb6983e1af2f5b8bc62108bd250f5429 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\46445c98-cc01-47c9-9cef-47e8532bd590
| MD5 | c0f575c8777d8875c53957f2c7724987 |
| SHA1 | f44a4611578d30997559e974636ea5660678d30e |
| SHA256 | 995e3a06cbea3edcc6431f3dc917edd4580d318f5d118b6b765efbd31c09db49 |
| SHA512 | dd8b74b3e82f93fe462eec3cd455dcd4b73396c3154f00ed23dbf0a25365da078a95c8f730c52f99cf192c032d30391c6d05cb2e898b3400b796a798112aab51 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 854c3fcc98e6ed3906cc45ca65e283d4 |
| SHA1 | 97fded75d17e99870bde19e1b7c10b35aed59da5 |
| SHA256 | 8f8bf3008ab01039f5ec48447487b5f37b2e245a5baa0fe227288c17545d26d7 |
| SHA512 | 5ebf42b2b6efdd01791aceda67140305d92ea836b9baeac3523e0a184af90698a67ad5dbbd92d6e0fbdb997a28d96a86710ab311dec2c6fbd7c35841f51bf71c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js
| MD5 | 97309eaa0ea36c0d9a9b9c9786dc34e8 |
| SHA1 | b39fa882330fbcb626e8ecfc0edb365c32bed8f8 |
| SHA256 | 94946e039ded1d3e3ee4a5003fa73ffaa80f2a8620cb6614d267bf579ea93ac2 |
| SHA512 | 35eda972e57b8104618036ee8ab1267b64809e4298a4097b9057b42947b8fe85beeb84860c19f4aef138145b59f8af9e7372d7e0a56e9ec2c18ff577bc6df5f8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ba328301b7664dee37ed4119de3001b5 |
| SHA1 | 84d2aec34fd817a4b13e3ccddb59b2726187d651 |
| SHA256 | a3a7b3209bc5dec24dc42aa322c10701c78ab335bca958c10f7dcacd91206436 |
| SHA512 | 4d98d2b76575c488c40ba3deed69d11710d37eae7329131a9583d8b3aef8908aababc87cc8db63ef968c8812882b43fbfa224f57fae225a8e07f42328b64f89c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
| MD5 | 67be1644149c54cd40b2bb08a83dc81c |
| SHA1 | ab211fc449bdc6faf70a46c731efccdf072e52de |
| SHA256 | 64ee1c2991bbc84be21e70dfe8c53113d1ee759f10d0fe20b7ec17f9835a8b9b |
| SHA512 | cfc2fed1993e0d04157f40e3500a578a3c93e81dff892f2799ea7de9fdfbb0c89a445dc9497da20f150bffd6025abee9a8fd36c6243693b8aa6324d4fe0fd8e6 |
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$.KFRMCT3d.zip.part
| MD5 | ba2ea4ea9bddd1f890f3441959e7dc5d |
| SHA1 | ce98421e54a268f74f17fe0279726a17f9ffaf4f |
| SHA256 | 75240b9609c102dbec6d1ada163a1bfdfe156f55dd21c5e614b3a60722d61929 |
| SHA512 | fb952eeb92d736989409c6bcaac3d8edb96a262fd58dcf0f4ac18cecaaafd60929bb04c75bb1378485b9de099b55573740d0494ca7b7777f0a9c3ba99448de39 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4
| MD5 | cef221a08f9e5c2f8aef42ad66455b52 |
| SHA1 | c7b32d8077b6f8dac852c53de89fac38feaca34f |
| SHA256 | 776defccf4ffffeb0dd80708875fd92127871c4c4b30d79fbb3bd4fee5a51e64 |
| SHA512 | 02ac4a94f61bd312411e633751fa278e2209e88b8690d7bc7904cb673fd951ea4dd0a7dc474dc9a1b6af16af3de98da4bdb5aa2e2b183cb1d78fc65a15cd6b8e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
| MD5 | 6a3e5c7fd6c1231d28b689bd37957203 |
| SHA1 | f65c743f3155c4fe09ab51bad714ea27761770c7 |
| SHA256 | 3a045a2b708ccb193758a66224be4252572efcd0222278d11249615776db2655 |
| SHA512 | edaaba64117d77ad247966d69190e7f099baaf3bf06c81c4646f508fdf660f25199078c988e577e1da698e9e29abae5ff5947c307a1caf421a5560ae924b8e77 |
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\!ŞetUp_14807--#PaSꞨKḙy#$$.rar
| MD5 | 415c085f378e65f59dfd6deae91cfab2 |
| SHA1 | 4b9f3775fc9894c729f7fd535abbeac7db0702d5 |
| SHA256 | ebb59cab1ddc68e72abd89054f79792f214e5fb3d5a094168930334a28a069df |
| SHA512 | 7bda743ad7cbe740319fbe861b856fad2f555e5ac13f84722c3c5e2ace00e857cc4d42d9f61b80b70ec47c9587d62e8176fecc5207f22bb54ae9c14fa5ae4641 |
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
| MD5 | f975a2d83d63a473fa2fc5206b66bb79 |
| SHA1 | e49d21f112ab27ae0953aff30ae122440cf164b9 |
| SHA256 | 6a2d3876003f6c68f824df4f0033564d8c230716908ba2e6c06ea1dd6d5f98e8 |
| SHA512 | 4af4ce56bf131432d488ed112f8858c1e1392d013c6ac0603f2fd70ed513091e35854c0f678efeab7fa9a551517c6b9698f40a92729112de4b852fa3c0c69d64 |
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\msedge_elf.dll
| MD5 | b37d0df4c44e4e1e9502f6b90adbd73d |
| SHA1 | 2164d4fd7184f2ed4ebb225f2ea36b84c001f7ee |
| SHA256 | 0b16174a0a47cfcabf5dd427e56355b806467ac3284d5d55f66aa19fbcf91e92 |
| SHA512 | f5fbb1d506835a4cedd2843a7ff1e1b750ad0c147730e9de521de0c1b67cece4ded32ea0bf153341f9fe6630febb7af785b117d4c49fdfe01e65a18fc450a265 |
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\test.asp
| MD5 | 012206c2a828f8687db2a3e5e878068f |
| SHA1 | ee75d067cebca73b982546e1d4c7c7cf32569e8a |
| SHA256 | 42f229a1430516ca02825a0b8ead2aa296c1a1cd7e1b41165d918e6657fe4ac4 |
| SHA512 | 8a0c894cdf75f675b692a3e5fd0db278536c7b8044490fd1a83b47ca606996d9d36190017f33ff9874e0223dd6e2dbb9f5173c870d501e0ae57fbc2bb6ca323b |
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\caret.xls
| MD5 | 4d4b5ccd0ff38d099e68792ee07c4a99 |
| SHA1 | f529d6bb59e1edd6ee57b7ceca20afaa2272d157 |
| SHA256 | 90b7b1dbc330af1f1d80403bacb25b46506b666aa9182fef90aaec5d612507a7 |
| SHA512 | b8113fef6c0e7dea4ad6615fa0a451e72f481d72691d9f4001196be7784df8620ea8b7c00456a546204e0540580eaa13a4bb7ed18ef90ba7a7022682573484f6 |
memory/6396-576-0x00007FF9F4A80000-0x00007FF9F4B1B000-memory.dmp
memory/6396-580-0x00007FF9F4A80000-0x00007FF9F4B1B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\71356ad7
| MD5 | 0f5ac58d1141669520ef806a93e5fae9 |
| SHA1 | 945c698653906cf3e60ac78c85cb4a2912a5fefc |
| SHA256 | 2b072860a7dfa494fa7d04118af241ba64f3170bfca69ac8845c79a00b308427 |
| SHA512 | 6c698845582b32fac54babd78c4d8535a7d05e390efe67474116cc784fa628cf880bad162b83c32b9512bce1ac72545057d071cea02127298d7a20e500424627 |
C:\Users\Admin\AppData\Roaming\Fmcli_3\msedge_elf.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/6212-611-0x00007FF9FB7C0000-0x00007FF9FB99B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Fmcli_3\msedge_elf.dll
| MD5 | 196afb2cb100b0ee5ec126433ff9002b |
| SHA1 | 30d16e8ea4c76062f16d0b7fafbff72eb6d5a91f |
| SHA256 | f76f2ea7f4122d098595277a49adc77360164d5932a4efe76a1ec818bc292fac |
| SHA512 | c2b4c7cc0945af341374556a8030b749de88d958c869fd68cf3178da0834277030f7d3d205f09420d99af0c181b54d33b974a170875fc481464c60f4ca25e531 |
C:\Users\Admin\AppData\Roaming\Fmcli_3\msedge_elf.dll
| MD5 | 03477e2970d9a74f2b451e4bbd955f83 |
| SHA1 | f3881b739fb9a448875c6a8a8dd72af2221d8c3a |
| SHA256 | 9ab10ed9f1efb22a1c2e8f21ea262da1677e4032c6050d560d6af24b28546f00 |
| SHA512 | 34b0bdcc87b071ac9a5b69109952c23e89ee5395273e4dea7deb28a5216184a5bedc9698cfdfa67187171cabe5605cc05d113d2c2730bbad739bb34c1a18a0a1 |
C:\Users\Admin\AppData\Local\Temp\9c24c43c
| MD5 | e7972ad16195c335bcee7cd9b652bfef |
| SHA1 | 86e05c4252ab58a9c34f8961cc5328750d3cc608 |
| SHA256 | 9fa9f0ea2f212cc91a8c0beb0198bcfa6b398bafc8f45430c80fafde5a5bad86 |
| SHA512 | fae13d207e0524be0f1a2db52651f7c063e682736ef5fc7aa8a15911e52f55308934473a6204f5ef091889a905667e51b87daceb3978cb72a4c245a323d6bb73 |
C:\Users\Admin\AppData\Local\Temp\a759dca2
| MD5 | 95d929e7afffa5f4c5ca88b200ddeee1 |
| SHA1 | e31acad1067024420008da3c67b6a6795aaa47fc |
| SHA256 | ebc9c40aeead47b8581a7d911910e760a84cc8ed0d74f46f61e606eccb38f8b7 |
| SHA512 | c6e9575c9cf9269b9330ac6dd80b8303a654aeb79a141a87c7e4166f4417f07af7ac60ea7b1b9cd2464270a0c7543e7e11b3e31b0e8556f0384c7ba1a8391d24 |
C:\Users\Admin\AppData\Local\Temp\ad1d8c3a
| MD5 | b0cd173c78398f4cab4bfd12a1342411 |
| SHA1 | ec79a9f2193f2061b013ce1961ea71a105a561fb |
| SHA256 | 48f24858f713883c19969365abf7ea3bb91748cbe85461d6f36c020ae4c2cc76 |
| SHA512 | d8c38dbe06897284d40f0f1e53be788d3fc42e62bd7aba0c627c7d54fb72d716052252668e4c75a84adb7e001e5d6fd67f55de9244ec28546ee6484168349ab9 |
C:\Users\Admin\AppData\Local\Temp\b22f4bca
| MD5 | 9da9d0ac8f35d97e9f17c298548743ae |
| SHA1 | 02b2358c892818efa2907d6f37142aa13db44c31 |
| SHA256 | 1604a2730b1924a6d815257ecb939f124069a6a1eb3364abd6b253b42da76ec5 |
| SHA512 | d3a29e99285d2209908932977bcdaa9d586984dbdf60ee6b42897a194a1835182b02eb3e2259d6fc4310844707d6142998c992b488360ec98e9ecd4767a4dbeb |
C:\Users\Admin\AppData\Local\Temp\b33bb5b5
| MD5 | 7d6766c9e94fcf5b0d7b4acdcd1a4b59 |
| SHA1 | b1624543cbe49b5ab1ef0f599905beef5f0f5d7c |
| SHA256 | f029cb8ffb51e52f3845ccbd74ea332e7862bfbf2ad68184d23e69d9cc1bc6bc |
| SHA512 | 1df7f46125f2a6a0f7eedbef9b5fd31c5aff0143870ee058e879703be55ddfdde176433cbfbfa8ec41506f02c39b0e5aadb64ce90e7d3c1e79785cd27f6c50e9 |
memory/392-704-0x00007FF9FB7C0000-0x00007FF9FB99B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\b9969768
| MD5 | b60588953d80ab34dfc2d98ef6f36754 |
| SHA1 | df9a81dd9edc4295fc17f234de456217a6df06e4 |
| SHA256 | b689cdf07ad836e37e4141e67ad7ebdc9e40a9c7393f496caf729483a2c4e7c3 |
| SHA512 | caab9b32e220497bd395899d810a4f0b06f39d05fa4675046672cfa9fed7434e3ee96f83cd366a37044e97a815c3b97757cf83c45fe17e486bbb28b6300e0070 |
C:\Users\Admin\AppData\Local\Temp\ba19c2d4
| MD5 | 4b9f903fc180be92071a58434b16cb78 |
| SHA1 | 82b688d291d53f08ed134add4099b984f48eb7fd |
| SHA256 | bb47a145bffc3f4339ed3d7c51e0d15f5d5b801717c8bae484d9769e23029afb |
| SHA512 | 57666a97c46bbcc228bab32f56ff2b17da8c9ba8103899c2c71da881f7c6cc961a9af0f9576eca2f0764f4f8c4fed70e7239686ea8ca799281d65a1af80e86ac |
C:\Users\Admin\AppData\Local\Temp\babd602e
| MD5 | f72207ce5fff942f68085656e52c34bd |
| SHA1 | 568554a435216c1e7ddc930743c4a2b389208ed0 |
| SHA256 | 94532200d0aecf88eb2ba5098616125bb49e87e3521d23bb68fe302888c3da4a |
| SHA512 | ba063ec525b5117c960ad678782e53907a2b6de5b4f045223c23906d9282d2c55c8c54ae08452a2013de07eee4085a1fd06004e8a73dcc881e6471f37e48b468 |
memory/972-717-0x00007FF9FB7C0000-0x00007FF9FB99B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\c3c71b48
| MD5 | a3673056db6133ebf30054fdce0477e2 |
| SHA1 | daa9d02fab70ed817303794a6d6cf484c2b1f63b |
| SHA256 | 918701da909d7080d2a3a2ba234958319b763a258e78fed8f30e62ff0281f95f |
| SHA512 | c5d1ea3484ad9cd9651e44048a2af597332740c043353686e9b845dccb7fcc36af1342401e4f2075c4c86f05d3e2c67599bf9051d4f47fb2d4ca96653502cffe |
memory/5520-722-0x00007FF9FB7C0000-0x00007FF9FB99B000-memory.dmp
memory/640-723-0x00007FF9FB7C0000-0x00007FF9FB99B000-memory.dmp
memory/6132-724-0x00007FF9FB7C0000-0x00007FF9FB99B000-memory.dmp
memory/6044-725-0x00007FF9FB7C0000-0x00007FF9FB99B000-memory.dmp
memory/6440-726-0x00007FF9FB7C0000-0x00007FF9FB99B000-memory.dmp
memory/5464-727-0x00007FF9FB7C0000-0x00007FF9FB99B000-memory.dmp
memory/6212-728-0x00000000739B0000-0x0000000073A45000-memory.dmp
memory/5324-729-0x00007FF9FB7C0000-0x00007FF9FB99B000-memory.dmp