Malware Analysis Report

2024-11-30 14:39

Sample ID 241116-rs34rasjgq
Target http://sakpot.com
Tags
score
8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The submitted URL http://sakpot.com was found to be: Likely malicious.

Malicious Activity Summary

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Suspicious behavior: GetForegroundWindowSpam

Opens file in notepad (likely ransom note)

NTFS ADS

Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-16 14:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-16 14:28

Reported

2024-11-16 14:37

Platform

win10ltsc2021-20241023-en

Max time kernel

372s

Max time network

348s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://sakpot.com"

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A (4 occurrences)

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A (2 occurrences)
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A (2 occurrences)
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File created | C:\Users\Admin\Downloads\Athena.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
File created | C:\Users\Admin\Downloads\02ca4397da55b3175aaa1ad2c99981e792f66151.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
File created | C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
File created | C:\Users\Admin\Downloads\Trojan.Dridex.A(1). dbf96ab40b728c12951d317642fbd9da:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A (10 occurrences)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A (16 occurrences)
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A (19 occurrences)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2148 wrote to memory of 420 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe (11 occurrences)
PID 420 wrote to memory of 2032 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe (45 occurrences)
PID 420 wrote to memory of 4608 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe (8 occurrences)

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://sakpot.com"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://sakpot.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1940 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9338dcc-1f63-4749-a937-5ee4c6ed48e8} 420 "\\.\pipe\gecko-crash-server-pipe.420" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8542e77e-ef8d-4035-a522-169200466f0d} 420 "\\.\pipe\gecko-crash-server-pipe.420" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3284 -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3296 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {382de212-4734-44ed-b258-a5d65438a7fb} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3924 -childID 2 -isForBrowser -prefsHandle 3916 -prefMapHandle 3912 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a89f231-3206-4f5b-b9bf-18b3c8dfb760} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4808 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4800 -prefMapHandle 4796 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f7eb9be-ffe2-475b-b58c-5be789ac070d} 420 "\\.\pipe\gecko-crash-server-pipe.420" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5220 -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 5212 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95301ae0-bfeb-4881-b7a2-1b3cbb52ffb7} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3148 -childID 4 -isForBrowser -prefsHandle 1432 -prefMapHandle 5496 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a70b55b0-1405-4cf4-852b-769d89c03d15} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 5 -isForBrowser -prefsHandle 5604 -prefMapHandle 5608 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f1673c9-f608-4cc0-a1ce-5d651bea6aeb} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5784 -childID 6 -isForBrowser -prefsHandle 5792 -prefMapHandle 5796 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56e42214-557a-489b-b084-c82eb35c5cc5} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6012 -childID 7 -isForBrowser -prefsHandle 6008 -prefMapHandle 4436 -prefsLen 29279 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2b1c199-10a2-49dd-9f7c-2d3a3a38b494} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1528 -childID 8 -isForBrowser -prefsHandle 5332 -prefMapHandle 5256 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79e5edcb-bcf4-4bd6-8e23-9957f8c09ea4} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6484 -parentBuildID 20240401114208 -prefsHandle 5440 -prefMapHandle 1584 -prefsLen 30533 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f280cbd-4440-41f6-920d-c21ee255d8cf} 420 "\\.\pipe\gecko-crash-server-pipe.420" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2752 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6632 -prefMapHandle 6628 -prefsLen 30533 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32abaa61-89cc-4589-89f4-e36d3aa51343} 420 "\\.\pipe\gecko-crash-server-pipe.420" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6764 -childID 9 -isForBrowser -prefsHandle 6776 -prefMapHandle 6768 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ce444d5-ad0c-45f6-a68b-29005c511689} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7020 -childID 10 -isForBrowser -prefsHandle 4564 -prefMapHandle 7028 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e0fef4f-52cd-42e5-9a74-84c3207310fc} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
N/A 127.0.0.1:49729 N/A tcp
US 8.8.8.8:53 sakpot.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 104.26.12.166:80 sakpot.com tcp
US 104.26.12.166:80 sakpot.com tcp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 sakpot.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 sakpot.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 166.12.26.104.in-addr.arpa udp
US 104.26.12.166:443 sakpot.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 104.26.12.166:443 sakpot.com udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 jsc.mgid.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 talesapricot.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 jsc.mgid.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 65.204.21.100.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
NL 23.109.170.154:443 talesapricot.com tcp
US 8.8.8.8:53 talesapricot.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 jsc.mgid.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 talesapricot.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 154.170.109.23.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
N/A 127.0.0.1:49736 N/A tcp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 support.mozilla.org udp
US 34.149.128.2:443 support.mozilla.org tcp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 2.128.149.34.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigzrnsz.gvt1.com udp
GB 74.125.175.169:443 r4---sn-aigzrnsz.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
GB 74.125.175.169:443 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 169.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 142.250.200.49:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.213.10:443 ogads-pa.googleapis.com tcp
GB 216.58.213.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.200.49:443 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.213.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 49.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.180.14:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.180.14:443 consent.google.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
US 142.250.65.163:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
GB 142.250.200.49:443 csp.withgoogle.com udp
US 8.8.8.8:53 id.google.com udp
GB 216.58.213.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 142.250.65.163:443 id.google.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com udp
US 8.8.8.8:53 img.youtube.com udp
GB 142.250.187.206:443 img.youtube.com tcp
US 8.8.8.8:53 ytimg.l.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.206:443 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 ytimg.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 22.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.6:443 static.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\e778ecd4-ba8b-432e-b3ff-a531a5ed47f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\16d57d57-0421-4caf-b0fa-e7299fe3f6fa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\a26fd558-1596-4322-a95c-f3fd8a9ddfa1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\etc817bi.default-release\activity-stream.discovery_stream.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\etc817bi.default-release\cache2\entries\AA6585CEBAC53D9889F80BDD9B469856EBFB0E80

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-18467

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\etc817bi.default-release\jumpListCache\0LT2ZyuXzmNwUVgj+_zRsAtXtYl4CQqMwQ7dgA44sys=.ico

C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\ac59e657-fe0a-44bb-ac49-0ac8edf4e053
