Analysis Overview
Threat Level: Known bad
The file https://goo.su/G3LwWcK was found to be: Known bad.
Malicious Activity Summary
Vidar family
Vidar
Detect Vidar Stealer
Loads dropped DLL
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
System Location Discovery: System Language Discovery
Program crash
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
NTFS ADS
Checks processor information in registry
Modifies registry class
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-13 19:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-13 19:10
Reported: 2024-11-13 19:13
Platform: win10v2004-20241007-en
Max time kernel: 156s
Max time network: 157s
Command Line
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Vidar
Vidar family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\installer\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\installer\Setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\installer\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\installer\Setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5476 set thread context of 4372 | N/A | C:\Users\Admin\Desktop\installer\Setup.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
| PID 5904 set thread context of 1004 | N/A | C:\Users\Admin\Desktop\installer\Setup.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\installer\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\installer\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Free Uni$tall PA$$ 12345.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://goo.su/G3LwWcK"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://goo.su/G3LwWcK
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9617aa9f-ccbb-40dd-ba39-6e9aa554ef1c} 1496 "\\.\pipe\gecko-crash-server-pipe.1496" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25cfd1f8-df48-4eed-9c8e-2a0cd6745cf8} 1496 "\\.\pipe\gecko-crash-server-pipe.1496" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2920 -childID 1 -isForBrowser -prefsHandle 1456 -prefMapHandle 3120 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b23c857-0a97-4199-8a15-2c876c917486} 1496 "\\.\pipe\gecko-crash-server-pipe.1496" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2784 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d77c619d-296e-40c9-a761-a564fc751875} 1496 "\\.\pipe\gecko-crash-server-pipe.1496" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4532 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4736 -prefMapHandle 4732 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {149944ee-0748-4739-8194-8d04cc2fbd06} 1496 "\\.\pipe\gecko-crash-server-pipe.1496" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 3 -isForBrowser -prefsHandle 5712 -prefMapHandle 5708 -prefsLen 27172 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf217071-9518-407d-ab7a-d689ebce3be4} 1496 "\\.\pipe\gecko-crash-server-pipe.1496" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 4 -isForBrowser -prefsHandle 5728 -prefMapHandle 5724 -prefsLen 27172 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4aa39627-2aca-40ad-8b9e-01b75444859c} 1496 "\\.\pipe\gecko-crash-server-pipe.1496" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5956 -childID 5 -isForBrowser -prefsHandle 5848 -prefMapHandle 5684 -prefsLen 27172 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f54336e-f9c0-45f3-b7bd-43f36b36dbe4} 1496 "\\.\pipe\gecko-crash-server-pipe.1496" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Users\Admin\Desktop\installer\Setup.exe
"C:\Users\Admin\Desktop\installer\Setup.exe"
C:\Users\Admin\Desktop\installer\Setup.exe
"C:\Users\Admin\Desktop\installer\Setup.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4372 -ip 4372
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 1664
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1004 -ip 1004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 1604
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-11-13 19:10
Reported: 2024-11-13 19:14
Platform: win10ltsc2021-20241023-en
Max time kernel: 154s
Max time network: 158s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Free Uni$tall PA$$ 12345.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://goo.su/G3LwWcK"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://goo.su/G3LwWcK
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1872 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cda00d4a-85e3-434b-aa93-c37f3c67f2aa} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2476 -parentBuildID 20240401114208 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1192469f-f97f-4a2e-a15d-d2f11a4272c9} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3328 -childID 1 -isForBrowser -prefsHandle 3296 -prefMapHandle 3100 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a33da242-44dc-40ea-8d7d-e4f58ee2aa53} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3648 -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3292 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {631d34cf-6904-48ff-9dff-467965f9817e} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4204 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4052 -prefMapHandle 4272 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e29c8134-ef5e-4219-8b77-67f642ae52ab} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5368 -prefMapHandle 5392 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adc0a2c0-aad2-4c81-926f-cff2cd71b958} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 4 -isForBrowser -prefsHandle 5532 -prefMapHandle 5536 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e499833-7a98-45c1-aec6-9a970f9e7c34} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 5 -isForBrowser -prefsHandle 5812 -prefMapHandle 5744 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2460304e-5841-4456-a008-10475ee49c06} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 127.0.0.1:49722 | N/A | tcp |
| US | 8.8.8.8:53 | goo.su | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 104.21.38.221:443 | goo.su | tcp |
| US | 104.21.38.221:443 | goo.su | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | goo.su | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | goo.su | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.38.21.104.in-addr.arpa | udp |
| US | 104.21.38.221:443 | goo.su | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.21.100.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:49730 | N/A | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.175.125.74.in-addr.arpa | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| FR | 20.199.58.43:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\69967e92-6713-46b7-91b9-14a981817552
| MD5 | a8c8f7ee4ff4bbc45b602240214c99ef |
| SHA1 | 243ff347ad3fb90a4d39aa0698ca88b3df381e35 |
| SHA256 | dda33f481b7f34a2c3a3a209a1b943010658cce0cf1aeae7cf260ccfdc510576 |
| SHA512 | 5d9610a19ae284b72dd5dd8d39d08ffb8934edbd6ac9476a96842a482047f8459b450dd6318404058798878d57f022882793a8bfca67b1b1b1de1ab179d0ed12 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\4d693bdf-61fc-4f0b-ba20-bb05c770d518
| MD5 | 18de77933cadf39e93d7b9b89cfc0f33 |
| SHA1 | 3278e55806729e83cdc984fbaa3e50266860fb91 |
| SHA256 | ecd3e3f02958e65aa8b001493b44e91d0b6549766dd42978ccfab852eab2518b |
| SHA512 | 9a32b6f0f24e85c0cf85b35e7ac77106eff609f7a5b21d1b7bb5ff436b24dfdbdba300d7cc81e11bac1cd5798e9a429e2ab1c1293c7b95b77a46ecb6cdc12b0a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\e06729c7-a144-43ff-aebf-7f1a23483f1e
| MD5 | 7690631d030bcbe4e1ca6100dcb2c7c4 |
| SHA1 | 400fa3a3648df31fda33b84dec5c99bf65be42b3 |
| SHA256 | 0d2f193b1d6a1a3cf8e654d95c383c708cb8050c93f3768162db1b233c1708ad |
| SHA512 | 516e68859c7ae53744694727c0a3b8f23f00e74323dedaab2f34b95f253f102c0b7a27af2ed1175c3b6d9bb889f1b9365ddd574a4e34c625268a2e66351f605d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | c887ccb91ce1fd228a57aefce0178e18 |
| SHA1 | 2fa9a41d1563e898ff06cf4db7c5a36477c27f84 |
| SHA256 | 3a54748fa07fa546d2e16a16c6ffc892a266f39c27ad6c278f12186b94248ff3 |
| SHA512 | 0da851cbd6b8e0a48983a57ae64438518370a4fc332babd08c5ec7d957236c5eeb4b7e08eb7b3abf59aa57e29bd90cbf1387e88b4a8e8c35d3bb3aaee0e84c9d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 19b1d71fc23dcf04e05b130e26611405 |
| SHA1 | d376c4bed8405d6164291c99f73ad6aa72e8051d |
| SHA256 | 3cfda5d09b44c4950122eb9d03214be0a5bc12b50a32fa029981e75fcfa6643a |
| SHA512 | 768c90d1ef9604ebcf6121469823d1b567f7899f973e4fc3cc4b49f6bebee1c0d3be1c84bdd2824c874ed6ea3e7bf107dc2df5537371e1b1b57cada91f8023da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 1a2200c24d380514ef0a9a58577775fb |
| SHA1 | 2c9740318d0d55dd41f8dcac5692fca6cd26138c |
| SHA256 | a5372055e752a68181f7bdcc719213faa9cace0552fb48a5480a2fb2d46b6358 |
| SHA512 | e2f222862efd009816580be42f3c1f4dc363c10aef44640f15eada01844a7ec16dcbb4dab940fb3870a9d22b8a0e41fadaf0969f0938f6aee7a3e7a840a0b7ad |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\activity-stream.discovery_stream.json
| MD5 | db1eaa051700240de73c5e021c653988 |
| SHA1 | 61e0712d5c62771368d80cfddc42b40b253f5eef |
| SHA256 | 76e6d34579db830b45d72b8f2cfe5ced18a5f851fab73773bca173059b49d4db |
| SHA512 | 313ec0e28a83519971a05ef12e5c29cedafd967921153fe1ba6f113910a6d90b0c204e08cf3b8862d5a92f2dfbbff2f9c342dd945723609c93a9a90591fcbe8b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs.js
| MD5 | 9e505d1e578835d2b6e87902a9e66327 |
| SHA1 | 7ee0e24d9950caaa72ec39ae2da49817acfe041f |
| SHA256 | ed01d0b25fd547a43771a0bdcf4976ad342feddb0db0eb2ef42d9eff54ce94c0 |
| SHA512 | 9c8cad54c3e63922a4f21ad4722475d51533b15fc977a40c1bb4c7a1827538a8a3a7a098587d8d2066c33657adcfdc36f1532dea1d98097cc9652a272b4e8f78 |
C:\Users\Admin\Downloads\Free Uni$tall PA$$ 12345.-0so52hB.rar.part
| MD5 | 89d082a4cd2466997f7baacd579c4649 |
| SHA1 | 98d19fa723342d30f450fbfcb9980fc7d83e154c |
| SHA256 | be111092dc5a35fb490ba6cc6de0124ab5529f7bbf51c0c33892e385d83ca907 |
| SHA512 | 72ddd1e90b853aec0796b8f0b5bc97d3b485be0478f8b72a4de5a046d4f2dcef310cb26d15000a764f30149f2da51c9e5916b4410e92582f6a2d683e79a11c7e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 576fbbeaae1cf0e1c4e6eb8e53658310 |
| SHA1 | 320b76705ceb8428cbd4acb2d5d5229f37f1964e |
| SHA256 | dfc9345aff263a1d307d1f664c9361146212a14def818cc80d6e5be95a661a3a |
| SHA512 | 7171fed1ad2d350be96d11c16b8d1ba68bcd482e7e35e795b9ef4dec47f2757a8ab2ce048f9b4b3e0aad7b5917a9a9ac227ac6ef12d5532f8056bf602efc62c2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878
| MD5 | 66420de768611b207fb3eae6e785b8f9 |
| SHA1 | ee1911d54a155212faa5b72a7b74303dfd7609be |
| SHA256 | 5119e5163f7146aa23c718f81d8d8d9062a8bab22dec452b32af0159dee71ba7 |
| SHA512 | be0e78acd47dcf44b6790de155198e647d2c2f9a6c0b69a3b4b75499a31404404a5e3b968e6cef3a834f2e976f032275f8a9fe9ea64773c5fd004e917a468939 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\AlternateServices.bin
| MD5 | 76e9a6619ff2c54a8879bb01d50c7f8a |
| SHA1 | 673daf730eb1858d8c1cc425728277687c286abf |
| SHA256 | 1a1871fe42b878d3498f9f7e54feb62167c0d80dbef49b454a331b8962d5fc16 |
| SHA512 | f54c541978d71184fb7bb0c79c9f48c8662a5ae16bb8cc9de49045611730e0a9bc0934c682bf85831cc5106b11ca4b763c0879d4158613a351b6742172469887 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs-1.js
| MD5 | 2adc6b670cb79b99bf21b6c238cfd82f |
| SHA1 | b57be36a8f00ecab33f8de973ee3778ec2c09866 |
| SHA256 | c0ba9850b35efaf9948de0e475f08d9c18b7a6cfa9a6e6210ad4d54e60d125da |
| SHA512 | d612c929c60392957892a58a8b16ff601ca96f09ce378c27ffb3817b96ed1e53a64e4432e35f4f7118666a1b56a0412ff7d912756aa391fedbb7e1b8bf128680 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\D500AD994A7515157BB2A6ADD5B18B754E4D2F99
| MD5 | 9e3efddb6d99d0a0c891d29658c2e98e |
| SHA1 | 96340a92247c37c9c334743f579fe35415ee2c4c |
| SHA256 | a5ab8c63413f205de27570851885ca81981f048965a88d31debae378cc6b51e2 |
| SHA512 | 79db0406bea046c58779063773290ed35456bb1eecd3f71bc147e0e6b3701f373e699d1f4f5418356ec5156c44b2c32572f42d40dc483d0be57d5c8afdac8473 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 7bebd383bd332ce31c1e94f1babb5cf5 |
| SHA1 | 910420991b9446d1b2c98c387272ef9de290cf0b |
| SHA256 | 60c6fbb45cd55992fddaeb9727afa98850381593422f9392111afd2e28d34535 |
| SHA512 | cc9a1782bbd66d81ac003eba3a1e58cd60d7189930ec810c8c1528426f681f76cc8c480618751509df0381dc04d64df14830d3c5051152694eca5acabddc6489 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 2130107e5257b20368b45be805376fbc |
| SHA1 | 660c41ae413465abece097c031045154fa0613d6 |
| SHA256 | f3861778ff2bb4d2502aa63a8c8c8439432876d259ac03722799aab061487a3c |
| SHA512 | 552c6ee9f7fa0200531a923baf8b7e6f85adab3745a0135a73f40af3203a0a1563366261c118fee15f5069f1519f3de415a471e272b6810ea1f5d13491b0505f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs-1.js
| MD5 | 1006ba1cbf346f47c1bd250ecb5e6866 |
| SHA1 | 08bfdd0bd5ccb31a3e7319bf011583ce03cd5574 |
| SHA256 | eadc559ff100dd427e7a97910ad685f45aa0148dfedef12cd619e2b768a4278c |
| SHA512 | 5380d10543245e08bafc8fb2edd6fa3bf6226045d9cb4f63de54a141974564148525f54025f5aa9143c5da94b6fe74213a7119d007850447d48980e73000b4dd |