Analysis Overview
SHA256
8576e54f5aaed3de646dd2e0bff7635acd18ac347933bf39c3668e943475bee5
Threat Level: Likely malicious
The file csgo-release_beta (2).dll was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Subvert Trust Controls: Mark-of-the-Web Bypass
System Location Discovery: System Language Discovery
Unsigned PE
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Of the signatures above, only System Location Discovery: System Language Discovery and the WriteProcessMemory events between the two rundll32.exe processes are raised against the processes that loaded csgo-release_beta (2).dll. Every signature in the behavioral2 run that lists a process names firefox.exe or the WinRAR installer it downloaded; the rest (Downloads MZ/PE file, the hosting hit on camo.githubusercontent.com, WriteProcessMemory in behavioral2, Uses Task Scheduler COM API) are listed without a process, so they cannot be attributed from this page.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 09:16
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
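The static run reports only that the PE carries no Authenticode signature. The next two checks an analyst wants on the file are whether it is a 32-bit or 64-bit image (which decides whether the 64-bit rundll32 hands it off to the SysWOW64 copy, as the behavioral runs show) and what export ordinal 1, the `#1` entry point used in the Processes sections, resolves to. The script below is an added example, not part of this report or of the sandbox's tooling: a header-only PE parser with no third-party dependencies that answers both questions and reports whether a security (Authenticode) directory is present. Its test input, `build_sample_dll`, is a constructed minimal DLL image, since the sample itself is not reproduced here.

```python
import struct
import sys

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DIR_EXPORT, DIR_SECURITY = 0, 4          # IMAGE_DIRECTORY_ENTRY_EXPORT / _SECURITY


def _rva_to_offset(sections, rva):
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def inspect_pe(data):
    """Machine type, DLL flag, Authenticode presence and the export table
    ({ordinal: (name or None, rva)}) of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dd = opt + 96                     # DataDirectory offset inside a PE32 optional header
    elif magic == PE32PLUS_MAGIC:
        dd = opt + 112                    # ... and inside a PE32+ one
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", data, dd - 4)[0]
    dirs = [struct.unpack_from("<II", data, dd + 8 * i) for i in range(ndirs)]
    sect = opt + opt_size
    sections = [struct.unpack_from("<8sIIII", data, sect + 40 * i)[1:] for i in range(nsect)]

    exports = {}
    exp_rva = dirs[DIR_EXPORT][0] if ndirs > DIR_EXPORT else 0
    if exp_rva:
        ed = _rva_to_offset(sections, exp_rva)
        (_, _, _, _, _, base, nfuncs, nnames,
         funcs_rva, names_rva, ords_rva) = struct.unpack_from("<IIHHIIIIIII", data, ed)
        funcs, names, ords = (_rva_to_offset(sections, r) for r in (funcs_rva, names_rva, ords_rva))
        name_of = {}                      # index into AddressOfFunctions -> exported name
        for j in range(nnames):
            idx = struct.unpack_from("<H", data, ords + 2 * j)[0]
            name_rva = struct.unpack_from("<I", data, names + 4 * j)[0]
            name_of[idx] = _cstr(data, _rva_to_offset(sections, name_rva))
        for i in range(nfuncs):
            rva = struct.unpack_from("<I", data, funcs + 4 * i)[0]
            if rva:                       # zero entries are gaps in the ordinal range
                exports[base + i] = (name_of.get(i), rva)

    # Security directory = Authenticode blob (its "RVA" is really a file offset).
    # Size 0 means unsigned; nonzero means a signature is attached, not that it verifies.
    sec_size = dirs[DIR_SECURITY][1] if ndirs > DIR_SECURITY else 0
    return {"machine": machine, "is_32bit": machine == IMAGE_FILE_MACHINE_I386,
            "is_dll": bool(chars & IMAGE_FILE_DLL), "has_authenticode": sec_size > 0,
            "exports": exports}


def resolve_rundll32_entry(info, entry):
    """Resolve a rundll32 entry token ('#1' -> ordinal 1, otherwise an export name)
    the way rundll32's GetProcAddress call does."""
    if entry.startswith("#"):
        return info["exports"].get(int(entry[1:]))
    return next((v for v in info["exports"].values() if v[0] == entry), None)


def build_sample_dll():
    """Constructed test input, not the sample from this report: a minimal 32-bit DLL
    image with one export, 'Run' at ordinal 1, and no Authenticode directory."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                         # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, IMAGE_FILE_MACHINE_I386, 1, 0, 0, 0, 224, 0x2102)
    opt = 0x58
    struct.pack_into("<H", img, opt, PE32_MAGIC)
    struct.pack_into("<I", img, opt + 92, 16)                       # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8 * DIR_EXPORT, 0x1000, 0x48)
    struct.pack_into("<8sIIII", img, opt + 224, b".edata", 0x200, 0x1000, 0x200, 0x200)
    ed = 0x200                                                      # file offset of RVA 0x1000
    struct.pack_into("<IIHHIIIIIII", img, ed, 0, 0, 0, 0, 0x1034, 1, 1, 1, 0x1028, 0x102C, 0x1030)
    struct.pack_into("<I", img, ed + 0x28, 0x1100)                  # AddressOfFunctions[0]
    struct.pack_into("<I", img, ed + 0x2C, 0x1040)                  # AddressOfNames[0]
    struct.pack_into("<H", img, ed + 0x30, 0)                       # AddressOfNameOrdinals[0]
    img[ed + 0x34:ed + 0x3F] = b"sample.dll\0"
    img[ed + 0x40:ed + 0x44] = b"Run\0"
    return bytes(img)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dll()
    info = inspect_pe(data)
    print(info, "entry #1 ->", resolve_rundll32_entry(info, "#1"))
```

Run it with the DLL's path as the only argument. A 32-bit result explains why C:\Windows\system32\rundll32.exe spawned the SysWOW64 copy in both behavioral runs; the export list tells you whether ordinal 1 has a name at all (a DLL that exports by ordinal only gives reversers nothing to search for). Forwarded exports (an RVA pointing back into the export directory) are reported as plain RVAs here.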
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 09:16
Reported
2024-11-13 09:18
Platform
win7-20240903-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2420 wrote to memory of 840 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2420 wrote to memory of 840 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2420 wrote to memory of 840 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2420 wrote to memory of 840 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2420 wrote to memory of 840 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2420 wrote to memory of 840 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2420 wrote to memory of 840 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
PID 2420 is the 64-bit rundll32.exe launched with the sample and PID 840 the SysWOW64 rundll32.exe it started with the same command line (see Processes below). On 64-bit Windows the 64-bit rundll32 re-executes the 32-bit copy when the DLL it is given is a 32-bit image, so writes from this parent into that child are consistent with process creation rather than injection into an unrelated process.
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\csgo-release_beta (2).dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\csgo-release_beta (2).dll",#1
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 09:16
Reported
2024-11-13 09:19
Platform
win10v2004-20241007-en
Max time kernel
190s
Max time network
204s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
The process creating the Zone.Identifier stream is firefox.exe writing it onto its own download, which is how the Mark-of-the-Web is applied, not removed; the row does not show csgo-release_beta (2).dll touching the stream, so no bypass is attributable to the sample from this page.
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Extreme.Injector.v3.7.3.-.by.master131.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\csgo-release_beta (2).dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\csgo-release_beta (2).dll",#1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9959195e-02c4-40cb-80cd-c34550cca613} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {790b98c5-e399-4850-88d4-6270fe2948d7} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2940 -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f557f7c3-1258-412b-a2af-bd7a305ffdfc} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4164 -childID 2 -isForBrowser -prefsHandle 4152 -prefMapHandle 1020 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf173af4-cbaf-47ff-852a-8e60cef88ce7} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4808 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4800 -prefMapHandle 4792 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {853cab7e-b315-49c2-8f58-a755c337703f} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5216 -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 5200 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0356dde3-2ba7-4750-ab25-26bd18894d63} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 4 -isForBrowser -prefsHandle 5340 -prefMapHandle 5344 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ff4dfe9-37b2-4d3c-9e71-1e38668d8577} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 5 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ee6a22b-88e0-4227-9f9e-eeb2244f6114} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6060 -childID 6 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61d75379-5f9f-4790-aea1-325c64c04402} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5116 -childID 7 -isForBrowser -prefsHandle 6264 -prefMapHandle 5088 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2494dde4-3ad9-4cbe-80e1-2431ad379c71} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6752 -childID 8 -isForBrowser -prefsHandle 6716 -prefMapHandle 6732 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c3f226e-3fbb-4f55-bd1f-0915a073b69c} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6724 -childID 9 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43b7ef54-b621-49f2-84f4-d95927338e7a} 4012 "\\.\pipe\gecko-crash-server-pipe.4012" tab
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
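Both Processes sections (behavioral1 and behavioral2) show the same pattern: rundll32.exe loading a DLL from the user's Temp directory by ordinal (`,#1`), followed by the 64-bit rundll32 spawning its SysWOW64 copy with an identical command line. The script below is an added example, not part of this report: it parses rundll32 command lines the way rundll32 itself splits them (optionally quoted DLL path, comma, entry name or `#ordinal`, arguments), flags the two weak indicators visible here, and recognises the 64-bit to 32-bit relaunch so that a hunt does not read it as injection. The user-writable prefix list and the `shell32.dll,Control_RunDLL` line are assumptions added for contrast; the other events are copied from the Processes tables above.

```python
import re

# Locations a standard user can write to (assumed list). A DLL that rundll32 loads from
# one of these is not proof of malice on its own, but it is the first thing to look at.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

_RUNDLL32 = re.compile(r'^\s*(?:"[^"]*rundll32(?:\.exe)?"|[^\s"]*rundll32(?:\.exe)?)\s+(.*)$', re.I)


def parse_rundll32(cmdline):
    """Split a rundll32 command line into {'dll', 'entry', 'args'}.

    rundll32 takes  <dll>,<entry> [args]  where <dll> may be quoted (paths with
    spaces, as in this report) and <entry> is an export name or '#N' for ordinal N.
    Returns None for command lines that are not rundll32 invocations.
    """
    m = _RUNDLL32.match(cmdline)
    if not m:
        return None
    rest = m.group(1).strip()
    if not rest:
        return None
    if rest.startswith('"'):
        close = rest.find('"', 1)
        if close < 0:
            return None
        dll, rest = rest[1:close], rest[close + 1:]
    else:
        m2 = re.match(r"[^,\s]+", rest)       # unquoted path ends at the comma or a space
        if not m2:
            return None
        dll, rest = m2.group(0), rest[m2.end():]
    entry = None
    if rest.startswith(","):
        m3 = re.match(r",\s*(\S+)", rest)
        if m3:
            entry, rest = m3.group(1), rest[m3.end():]
    return {"dll": dll, "entry": entry, "args": rest.strip()}


def triage_rundll32(cmdline):
    """Indicators a hunt query would raise for one rundll32 command line."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return []
    findings = []
    if parsed["dll"].lower().startswith(USER_WRITABLE_PREFIXES):
        findings.append("dll in user-writable path")
    if parsed["entry"] and parsed["entry"].startswith("#"):
        findings.append("entry point by ordinal (no exported name to look up)")
    return findings


def is_wow64_relaunch(parent_image, parent_cmd, child_image, child_cmd):
    """True when System32\\rundll32.exe (64-bit) spawned SysWOW64\\rundll32.exe (32-bit)
    with the same DLL and entry. rundll32 does this on 64-bit Windows when the DLL it
    was given is a 32-bit image, so the parent's WriteProcessMemory calls into this
    child belong to process creation, not to injection into a third-party process."""
    return (parent_image.lower().endswith("\\system32\\rundll32.exe")
            and child_image.lower().endswith("\\syswow64\\rundll32.exe")
            and parse_rundll32(parent_cmd) is not None
            and parse_rundll32(parent_cmd) == parse_rundll32(child_cmd))


# (image, command line) rows from this report's Processes tables, plus one constructed
# benign rundll32 line (the Control Panel launcher) for contrast.
SAMPLE_EVENTS = [
    (r"C:\Windows\system32\rundll32.exe",
     r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\csgo-release_beta (2).dll",#1'),
    (r"C:\Windows\SysWOW64\rundll32.exe",
     r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\csgo-release_beta (2).dll",#1'),
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", r'"C:\Program Files\Mozilla Firefox\firefox.exe"'),
    (r"C:\Users\Admin\Downloads\winrar-x64-701.exe", r'"C:\Users\Admin\Downloads\winrar-x64-701.exe"'),
    (r"C:\Windows\system32\rundll32.exe", r"rundll32.exe shell32.dll,Control_RunDLL"),  # constructed
]


def triage_events(events):
    """Map each distinct command line that raised something to its findings."""
    return {cmd: triage_rundll32(cmd) for _, cmd in events if triage_rundll32(cmd)}


if __name__ == "__main__":
    for cmd, findings in triage_events(SAMPLE_EVENTS).items():
        print(cmd, "->", findings)
    print("WOW64 relaunch:", is_wow64_relaunch(*SAMPLE_EVENTS[0], *SAMPLE_EVENTS[1]))
```

The parser deliberately stops at the first closing quote and the first comma, which is also where rundll32 stops; a DLL name containing a comma therefore parses differently from how Explorer displays it, which is the behaviour you want to match when writing detections.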
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:59062 | N/A | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 1.97.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 149.234.200.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| N/A | 127.0.0.1:59070 | N/A | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.212.209:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.212.209:443 | csp.withgoogle.com | udp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.201.110:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.201.110:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.200.46:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| GB | 142.250.200.46:443 | consent.google.com | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| DE | 23.55.161.211:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.71:443 | r2---sn-aigl6ned.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-aigl6ned.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.71:443 | r2.sn-aigl6ned.gvt1.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.161.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.109.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 151.101.65.91:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| IN | 142.250.193.67:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.212.209:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | udp |
| IN | 142.250.193.67:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 67.193.250.142.in-addr.arpa | udp |
| IN | 142.250.193.67:443 | id.google.com | udp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| GB | 216.58.201.110:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 163.68.195.51.in-addr.arpa | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
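The network table above is not attributed to processes, so the only way to tell sample traffic from the browser session is to strip the sandbox's own noise (reverse-DNS lookups, loopback sockets) and set aside everything that resolves to an operator already explained by the process list: Mozilla telemetry and update endpoints, Google properties reached from the browser, GitHub and its CDNs, the OpenH264 plugin fetch, and win-rar.com. The script below is an added example, not part of this report: it parses rows in the table's own format, tolerates rows whose domain column is missing (where the protocol slid one column left), and returns whatever is left unexplained. The `VENDOR_DOMAINS` allowlist is derived from this table only; the two `beacon.example.net` rows in the sample input are constructed (RFC 2606 name, TEST-NET-3 address) to show what an unexplained host looks like.

```python
import ipaddress

# Registrable domains of every operator the table above already accounts for (assumption:
# derived from this table, not a general allowlist).
VENDOR_DOMAINS = {
    "mozilla.org", "mozilla.net", "mozilla.com", "mozgcp.net", "mozaws.net", "getpocket.com",
    "google.com", "googleapis.com", "gvt1.com", "withgoogle.com",
    "github.com", "githubusercontent.com", "githubassets.com",
    "akamai.net", "openh264.org", "fastly-edge.com", "win-rar.com",
}


def parse_network_table(table):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        if domain in ("tcp", "udp") and proto == "":
            domain, proto = "", domain        # protocol slid into the empty domain column
        if domain == "N/A":
            domain = ""
        rows.append({"country": country, "dest": dest, "domain": domain, "proto": proto})
    return rows


def registrable(domain):
    """Last two labels of a hostname. Enough for the TLDs in this table; a real hunt
    should use the Public Suffix List so that names under e.g. co.uk are handled."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def triage_network(table):
    """Split the rows into resolver lookups, actual connections and unexplained hosts."""
    lookups, connections, unexplained, dropped = set(), set(), set(), 0
    for r in parse_network_table(table):
        host, _, port = r["dest"].rpartition(":")
        domain = r["domain"]
        # Sandbox-local sockets and the resolver's own PTR lookups say nothing about the sample.
        if ipaddress.ip_address(host).is_loopback or not domain or domain.endswith(".in-addr.arpa"):
            dropped += 1
            continue
        if port == "53":
            lookups.add(domain)
        else:
            # udp to :443 is HTTP/3 (QUIC); it is still a connection to that host.
            connections.add((domain, r["dest"], r["proto"]))
        if registrable(domain) not in VENDOR_DOMAINS:
            unexplained.add(domain)
    return {"lookups": lookups, "connections": connections,
            "unexplained": unexplained, "dropped": dropped}


# Rows copied from the table above, plus two constructed rows for an unexplained host.
SAMPLE_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 127.0.0.1:59062 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | beacon.example.net | udp |
| US | 203.0.113.7:443 | beacon.example.net | tcp |
"""

if __name__ == "__main__":
    result = triage_network(SAMPLE_TABLE)
    print("dropped:", result["dropped"])
    print("unexplained:", sorted(result["unexplained"]))
    for conn in sorted(result["connections"]):
        print("connection:", conn)
```

Run against the full table, the unexplained set comes back empty: every contacted host belongs to the browser session, the WinRAR download or the GitHub page that served the Extreme Injector archive. That is a statement about this detonation, not about the DLL; a payload that only beacons after a delay longer than the 204 s network window would leave the same table.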
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\5fd31add-efb1-4aea-ba4c-b24e860086e8
| MD5 | 25b96e6b73f9b757eaddf25787eb3e80 |
| SHA1 | 2169ac68c0e7cf3d8aa609d465662e2ae07e97a4 |
| SHA256 | 05650385505cdffe19dc77fd423fac434ed293f1d36a608b7b74380d19131622 |
| SHA512 | 8e0fca76e3d435d613acd0f3a5fd3114b309980a8c30be331097191fb1b2d74a74c65a42c44a3646b403c28c93222d46ccaf951072b7faa76f4233316f6e23b8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\3387d65d-c5fa-45ba-9bb4-de21826924be
| MD5 | 75aa047fe2e7cb372cd2b4e051178ebd |
| SHA1 | d0907e09fcca70251a861f5594f0373f94630e44 |
| SHA256 | 2d8b42f8938addc84dea4399239d073820d944d8d4460cc01b8f9e8984a02449 |
| SHA512 | a6d261f90416f183402c9f34ce38d21cdfbc442d1297aa0c433ea651012b1b5994148d407bb28e9aad089b7708434989161c4ec5605944e709def28de3d322c3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\60a9e512-0572-4eab-87d8-0cc25fb7be05
| MD5 | 270b2724f694444e57eeece5af5d273e |
| SHA1 | 1d358cabcfdab3f69295ce2e017c56d6a9189e7b |
| SHA256 | 03c76dd5a3b4c2c29f58c7480dc33b4ebff3d411ece2a3b50665249e333e6c6a |
| SHA512 | e92d1035b18c477f5e340bfd1164e20968ba79b047faac31ffb37481df05565a1f9ed1141a440fbb01d4c54ef7ec70dcff0b990fa468d80623dec3cfc4ec9223 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | a251e45443b8cb5dafa9982c1a45a08f |
| SHA1 | 4f576b269fee8db174bfc1566125c8c5c3820510 |
| SHA256 | 611926bef6c3fb44dcfb0801a640b77aa284995ebdc3fb7bb47782ee6d6f6444 |
| SHA512 | 55e39b4ba1853b4426ddd633dcf760cc96548ead6069019eefdd2531f6ddad6792d838c5636ea7e818f588b817eaaaf29435abafd22d135067a2d713b91a3878 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 86109008ef13d72950a89d4e494ff410 |
| SHA1 | 7784d2dff0d7d0e904939d63c92ac9621a277800 |
| SHA256 | a96e357fdfad98ef4008221bed3b8d7d5c7cf66c631bfc02efdb95383de85ec4 |
| SHA512 | f3b7914d0fe843e9be11b8590d493321b6bd2608e21ab03e339e793f84dbd0c5ee52ceaab862b71abcd98ec654eca36ae520a0d1d3a2045c743a2ef9774e4703 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\activity-stream.discovery_stream.json
| MD5 | 79e084783226017a752ed495436937ab |
| SHA1 | 45bffd92bdc5e951200d5d91391addf8e89577f3 |
| SHA256 | 79e4b755cf159a030d52262edbfbe24dbfcd690bb145321b3619a33acf9ecf31 |
| SHA512 | 2f4a78df2ddf556beb8f252e0ac6c8c678cb8fb1b1b160482f82058192d1805a0af83ca1c1f54bd62a9a4b4fe0fabe6ef3c1c1fb477aa48719a6ee5b9b5dfb23 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin
| MD5 | c66501f27f6f68e987a8a8fd41595714 |
| SHA1 | b4170a3217ed5bbe0d126d669d2cdccf0433be60 |
| SHA256 | 25ed5d15b0b541823b7052296c2f7056c0409bce43061e45bd739b88bb4dfdcd |
| SHA512 | 9c99dffcc31c7f5fad0d02e57165cdad5dbb1fc252fe1d03510cad7b90205fee36d2ff509304c33d76443fbbdf854153dc843611e253fc9241f1ff1a0ec9c96b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js
| MD5 | 7664f002bdcca63b4cec5970f81a13f2 |
| SHA1 | 524a6ec91d6bffb8b8278b989d3cf7163a88687b |
| SHA256 | 40b79e5fd59e4c869ae3bf4d5ebf8599f2f09e2f7c8ba878256adb5f5b8bf87b |
| SHA512 | f062f8244b2df4f694d451e343b608ff1d08c4358805bd0c535417aee6ee2ce8401636c0c558bb063879077d88e5bdd015eea790e8ba7376714c53ee09ec3a79 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | ef8730eaef372720ce7857a0a6f149d9 |
| SHA1 | eaf4fb0a5891f259c12c06ef8b1f69acc08fd84e |
| SHA256 | aeb12e6c37c7a072e04d2ccc5482acd322238169cae507ab8e662462cfd42e10 |
| SHA512 | 2abf887a408f64fd8cf0605ae47feb0dc451ef4121979b44d2f57fc16fb6310d5e022674e38c08fdd4198fcdbd1497d403e5f3c1b835d03094b4321cbd158edc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin
| MD5 | cec7343b7d0dc1c5a3be0ab772932228 |
| SHA1 | 377b0e0099903891e6335ee46215ac39933665c8 |
| SHA256 | 6e77c1bfafeaa7b05907dbdb83dba8c5ccb8642c8cb780ab8b38e505978e7f54 |
| SHA512 | 19d130ca0097e86fd5db66cf30e7d63cb08b13c4e4187a175e348d46a138264e425e424c262b4e1ab15712cca447cc5895481df6955ab1d9eff08e6afa609635 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 4f01643fbfdb33ca6c82c3431e3cd9ac |
| SHA1 | 8241c60b5f1760f611b9533a26a65cfca0447a8e |
| SHA256 | db3941b6dc16f54810065eb77ad1d2a929205a07f0ebbd10bb97b93240356ae0 |
| SHA512 | d6463e332083dbb9e9145ea727c0e586870c9242dad6710594942b29874b960da5b30c2190a4b0d3ae28199c392e78cb5c9589a1414977c9d65e2dfe97bf35af |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js
| MD5 | 9d55216744dbc5b2f833635cf9aac2b3 |
| SHA1 | 67a6ebf66f71bd5f140210e550dca7de3f829d2f |
| SHA256 | 2cbad7b73a6fe41a449ac300d7a16d64a471bb7aefbed366651a266663c5cdc5 |
| SHA512 | 338f89e002b457008cf76bb6ac501ce2d47c4ad08eb9bc43f75fad46c4b4c2a9e4e7ada0a32ff0859ebf6e1052f391f4c5cc332c628a10aa50bb95b5ffd24f12 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 6ef77c948670a9733ee27c973e63068d |
| SHA1 | 44e24888733816444e157dbb6d4cc421b9266e1c |
| SHA256 | de8bbb8f36bec2046618eef13bd180eb49548e86b6a97d527dbc950776011155 |
| SHA512 | b632e3735f2a83de1c07a1f36eb92f6d26780c237c0f726f7e831e866ba0c0b2da5dd35afe02f089ca186af0ca6d3b55c867f59c29811e1b61c54c30f92963a1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 7a073e50b7e6951a0338cb16f0a82c07 |
| SHA1 | 8ad0608c53ac98cf7447228f6963880cc78367f1 |
| SHA256 | 92c306787aa36373ad572af1b01a51e00c660a14f806f4da37ecda007a4a57a7 |
| SHA512 | 1ff47c58976f0063a6c0d9b886e0e8a162786069c897820eb8c2501bc08b51b6f0eae131c38210ae579481a4fe85df26d601bd7d344a9ce4812bb15a5285af7f |
C:\Users\Admin\Downloads\Extreme.wkp7Kcb1.Injector.v3.7.3.-.by.master131.rar.part
| MD5 | 90064f3c81022f4beb1b660ea21f16c7 |
| SHA1 | 3fd13ac9bef5dca67f98750e002712de219494f0 |
| SHA256 | 93dda8b91586acf53c70dfd3f512fcff5793a9af69e174d7e3ad67190361bce8 |
| SHA512 | 897ed287392c669bc97097e4354d8205d30adefea06d8e2ef38e8a29b2a92fa499024a085270de517b93cdacdbe34bba385145980db92dbea277450f3be7ced9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 68fcedd3af409330153d33b619355814 |
| SHA1 | db46a36a1b7ea02c79cd60d9554b6daeccafabc8 |
| SHA256 | 3f080c270381314f5b96922fb7364af3791814db6958daa1cfe07076a1fee77d |
| SHA512 | 8d29f1a6c5f01a8fd82439dce49ea58ce7123ac8aefd6827c6e8414b7f4d27b57e89a60a9537bbcf470a7803adbc35ca4bca865b89fc6979cb4cad17fe7e182d |
C:\Users\Admin\Downloads\winrar-x64-701.ZKqFdfQI.exe.part
| MD5 | 46c17c999744470b689331f41eab7df1 |
| SHA1 | b8a63127df6a87d333061c622220d6d70ed80f7c |
| SHA256 | c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a |
| SHA512 | 4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 87192397d9d9d258cd15987b9f1b925e |
| SHA1 | 692a40c29181b72d66b0a9313423b5aa9b1d8a16 |
| SHA256 | de330eef0055d6442e68aa5acd2a560270096c5471536d67e931351267f19db3 |
| SHA512 | f0cda7de5acc7018b812d2a8cf76a0839546e04b10327e7e7f007a74e3b46454641331d6a1bf937d2ef8d589beef0fcea17ea15a40ee963c4b4cc4358e74f714 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 07ba47df97c15f2894130ebf0353d932 |
| SHA1 | 60dfb1e3e2e36f15cc545a5439f899afa83c7e96 |
| SHA256 | 9c9e4d1555935f548eba6556e3656097d5521398789aa670b719c0a059ef2adb |
| SHA512 | 4ae2f8de75a2c5769cce260372f96e45e092798e663483d287e3bffec138847a978120cd9f817ccf88d53361553b29855245b1f1e8d28419fb76dfae814c0fdd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 96718a2a312e484bfe859f633ae945aa |
| SHA1 | 38e2114495fe606b3f1ccd2a0643522d768b13e2 |
| SHA256 | b913c6d50d2c9fe225cec78881355ed2205e02f0f303be2d68b717c2aa0f3f15 |
| SHA512 | b0b85f55c8f0427f9ed32114c6d2cbf7e682519c6e75e656d16f1f67d17ba40314fd591cfae119348f1832b73128a12e9b178289149166a522184ab1879f5a22 |