Malware Analysis Report

2025-01-18 04:12

Sample ID 241120-2f2p9svhpq
Target test.exe
SHA256 5436bad558c5bf3cb413020100e8426c0e07a45ecf34d679a753e168fd46d9fc
Tags eaglerat rat
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 5436bad558c5bf3cb413020100e8426c0e07a45ecf34d679a753e168fd46d9fc

Threat Level: Known bad

The file test.exe was found to be: Known bad.

Malicious Activity Summary

eaglerat rat

Eaglerat family

EagleRat

Drops startup file

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-11-20 22:32

Signatures

Eaglerat family

eaglerat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-20 22:32

Reported 2024-11-20 22:35

Platform win10ltsc2021-20241023-en

Max time kernel 148s

Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\test.exe"

Signatures

EagleRat

rat eaglerat

Eaglerat family

eaglerat

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.exe.lnk C:\Users\Admin\AppData\Local\Temp\test.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4292 wrote to memory of 1152 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1152 wrote to memory of 4716 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1152 wrote to memory of 1656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\test.exe

"C:\Users\Admin\AppData\Local\Temp\test.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16b360e9-ca32-4256-bfe3-a50da86f8c21} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8b4373d-fcd8-46a9-84f3-547ab05eb3a6} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3272 -childID 1 -isForBrowser -prefsHandle 3292 -prefMapHandle 3288 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51b54540-f136-47f8-b152-20a3c7287dd7} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4312 -childID 2 -isForBrowser -prefsHandle 4308 -prefMapHandle 4304 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a7d69a-aa70-40da-bae5-d6c00b678e66} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5040 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4884 -prefMapHandle 4860 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7443e5ef-4b1c-4fbf-9640-39445d1b43c4} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 5244 -prefMapHandle 5276 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fac98fe0-b4c7-42e1-a0a1-b1020a26b89e} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 4 -isForBrowser -prefsHandle 5420 -prefMapHandle 5320 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6536294-67ff-4018-9384-6c2e3e68b967} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 5 -isForBrowser -prefsHandle 5652 -prefMapHandle 5656 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eb8c5a6-0cb3-4775-866f-535ecff3ee42} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" tab

Network


Files
