Analysis Overview
SHA256
ebdce938512e6338a6e0101e006e9a22237bced741086cc932eebecc03e9a820
Threat Level: Shows suspicious behavior
The file Archive.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: tweet-@x64dbg-1DA1F2
A potential corporate email address has been identified in the URL: [email protected]
Executes dropped EXE
Suspicious use of NtSetInformationThreadHideFromDebugger
Unsigned PE
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-24 19:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-24 19:08
Reported
2024-12-24 19:11
Platform
win10ltsc2021-20241211-en
Max time kernel
125s
Max time network
129s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: tweet-@x64dbg-1DA1F2
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\cooked\BlackRock.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\cooked\BlackRock.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\cooked\BlackRock.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1411052346-3904498293-150013998-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\cooked\BlackRock.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Archive.zip"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=4112,i,17437436182398955805,1059754208013914332,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\cooked\BlackRock.exe
"C:\Users\Admin\Desktop\cooked\BlackRock.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20513c76-3265-4737-bfc8-b33dae6f3629} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2356 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b09f3af-b759-4a0a-bcc2-ba631133f0c8} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2960 -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 3188 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9db1b2e-04f0-409c-a3e6-8da51bfa5f4b} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 2680 -prefMapHandle 1400 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5de1ccf-c65c-4a6e-a991-62f5754986a0} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4940 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4568 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a16a7d71-952b-452c-b5ef-e9da81d1c1bb} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5232 -prefMapHandle 5224 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6d9fc7f-172f-49ee-9b28-7588f9c781e3} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 4 -isForBrowser -prefsHandle 5492 -prefMapHandle 5488 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42620885-7541-4b50-b735-76f692559ab9} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 5 -isForBrowser -prefsHandle 5636 -prefMapHandle 5640 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b522d121-5157-4240-96e1-347250361edc} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6212 -childID 6 -isForBrowser -prefsHandle 6204 -prefMapHandle 6196 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a939565d-b0fa-4dd5-b056-12661e7702e0} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -childID 7 -isForBrowser -prefsHandle 4736 -prefMapHandle 3844 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fcaffdd-46cc-406b-ada8-5542d2369e02} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 8 -isForBrowser -prefsHandle 6456 -prefMapHandle 5140 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {453fa970-88a3-4167-b893-c573e3eae928} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 9 -isForBrowser -prefsHandle 4548 -prefMapHandle 1460 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0832d8ae-08f8-4ea1-b4bb-5294bbfdee39} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6708 -childID 10 -isForBrowser -prefsHandle 6732 -prefMapHandle 6764 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d81d82f8-59c1-4265-bf22-b312cbbe8bcd} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6744 -childID 11 -isForBrowser -prefsHandle 6780 -prefMapHandle 6604 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be0628bd-3324-4d2d-8259-66640a03dd42} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6756 -childID 12 -isForBrowser -prefsHandle 6768 -prefMapHandle 6772 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcd1870b-b750-4dd0-994d-1da66bbacf6c} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4764 -childID 13 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afdeaf25-f2e1-4d47-863b-9bd98b558154} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7204 -childID 14 -isForBrowser -prefsHandle 7212 -prefMapHandle 7216 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab9482fc-7176-4f9a-94c6-736640185dd7} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=3272,i,17437436182398955805,1059754208013914332,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 172.165.61.93:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | company.blackrock.luxury | udp |
| US | 172.67.74.104:443 | company.blackrock.luxury | tcp |
| US | 8.8.8.8:53 | 104.74.67.172.in-addr.arpa | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| N/A | 127.0.0.1:49880 | tcp | |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 151.101.131.19:443 | www.mozilla.org | tcp |
| US | 151.101.131.19:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 19.131.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.225.228.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:49888 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| FR | 172.217.20.164:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| FR | 172.217.20.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| FR | 172.217.20.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 2.20.12.74:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 204.79.197.200:80 | bing.com | tcp |
| US | 204.79.197.200:80 | bing.com | tcp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 8.8.8.8:53 | bing.com | udp |
| GB | 95.101.143.202:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.143.202:80 | r.bing.com | tcp |
| GB | 95.101.143.202:80 | r.bing.com | tcp |
| GB | 88.221.135.42:443 | r.bing.com | tcp |
| GB | 88.221.135.42:443 | r.bing.com | tcp |
| GB | 88.221.135.42:443 | r.bing.com | tcp |
| GB | 88.221.135.42:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 202.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| GB | 88.221.135.42:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 8.8.8.8:53 | www.start.gg | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | microsoft365.com | udp |
| US | 8.8.8.8:53 | www.onenote.com | udp |
| US | 8.8.8.8:53 | sway.office.com | udp |
| US | 8.8.8.8:53 | onedrive.live.com | udp |
| GB | 95.101.143.202:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | a-0003.a-msedge.net | udp |
| US | 8.8.8.8:53 | a-0016.a-msedge.net | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | microsoft365.com | udp |
| US | 8.8.8.8:53 | sway.com | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | dual-spov-0006.spov-msedge.net | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | a-0003.a-msedge.net | udp |
| US | 8.8.8.8:53 | microsoft365.com | udp |
| US | 8.8.8.8:53 | dual-spov-0006.spov-msedge.net | udp |
| US | 8.8.8.8:53 | sway.com | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | a-0016.a-msedge.net | udp |
| US | 8.8.8.8:53 | a4.bing.com | udp |
| US | 8.8.8.8:53 | calendar.live.com | udp |
| US | 8.8.8.8:53 | outlook.live.com | udp |
| GB | 95.101.143.202:443 | r.bing.com | udp |
| GB | 184.28.198.195:80 | a4.bing.com | tcp |
| GB | 184.28.198.195:80 | a4.bing.com | tcp |
| US | 8.8.8.8:53 | e86303.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | calendar.live.com | udp |
| US | 8.8.8.8:53 | e11290.dspg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | olc-g2.tm-4.office.com | udp |
| US | 8.8.8.8:53 | e86303.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | calendar.live.com | udp |
| US | 8.8.8.8:53 | olc-g2.tm-4.office.com | udp |
| US | 8.8.8.8:53 | e11290.dspg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 42.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.198.28.184.in-addr.arpa | udp |
| GB | 95.101.143.202:80 | r.bing.com | tcp |
| GB | 95.101.143.202:80 | r.bing.com | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 184.28.198.195:80 | e86303.dsca.akamaiedge.net | tcp |
| GB | 184.28.198.195:80 | e86303.dsca.akamaiedge.net | tcp |
| GB | 184.28.198.195:80 | e86303.dsca.akamaiedge.net | tcp |
| GB | 184.28.198.195:80 | e86303.dsca.akamaiedge.net | tcp |
| GB | 95.101.143.242:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | e28578.d.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e28578.d.akamaiedge.net | udp |
| GB | 184.28.198.195:80 | e86303.dsca.akamaiedge.net | tcp |
| GB | 184.28.198.195:80 | e86303.dsca.akamaiedge.net | tcp |
| GB | 184.28.198.195:80 | e86303.dsca.akamaiedge.net | tcp |
| GB | 95.101.143.242:443 | e28578.d.akamaiedge.net | udp |
| GB | 95.101.143.202:80 | r.bing.com | tcp |
| GB | 95.101.143.202:80 | r.bing.com | tcp |
| GB | 95.101.143.202:80 | r.bing.com | tcp |
| GB | 95.101.143.202:80 | r.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.akadns.net | udp |
| US | 8.8.8.8:53 | 242.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.akadns.net | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.trafficmanager.net | udp |
| US | 204.79.197.237:80 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| US | 8.8.8.8:53 | help.bing.microsoft.com | udp |
| US | 8.8.8.8:53 | waws-prod-blu-447-b731.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | waws-prod-blu-447-b731.eastus.cloudapp.azure.com | udp |
| GB | 88.221.135.42:443 | r.bing.com | tcp |
| GB | 95.101.143.202:443 | r.bing.com | tcp |
| GB | 95.101.143.242:443 | e28578.d.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e28578.d.akamaiedge.net | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 88.221.135.27:443 | th.bing.com | tcp |
| GB | 88.221.135.27:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 27.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | x64dbg.com | udp |
| US | 8.8.8.8:53 | help.x64dbg.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 8.8.8.8:53 | en.wikipedia.org | udp |
| US | 8.8.8.8:53 | www.varonis.com | udp |
| US | 8.8.8.8:53 | filehippo.com | udp |
| US | 8.8.8.8:53 | www.majorgeeks.com | udp |
| US | 8.8.8.8:53 | www.thetechplatform.com | udp |
| US | 8.8.8.8:53 | www.helpnetsecurity.com | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | readthedocs.io | udp |
| US | 8.8.8.8:53 | x64dbg.com | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | filehippo.com | udp |
| US | 8.8.8.8:53 | x64dbg.com | udp |
| US | 8.8.8.8:53 | dyna.wikimedia.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| GB | 88.221.135.27:80 | th.bing.com | tcp |
| GB | 88.221.135.27:80 | th.bing.com | tcp |
| GB | 88.221.135.27:80 | th.bing.com | tcp |
| GB | 88.221.135.27:80 | th.bing.com | tcp |
| GB | 88.221.135.27:80 | th.bing.com | tcp |
| GB | 88.221.135.27:80 | th.bing.com | tcp |
| US | 185.199.110.153:443 | x64dbg.com | tcp |
| US | 185.199.110.153:443 | x64dbg.com | tcp |
| US | 185.199.110.153:443 | x64dbg.com | tcp |
| US | 185.199.110.153:443 | x64dbg.com | tcp |
| US | 8.8.8.8:53 | 153.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.majorgeeks.com | udp |
| US | 8.8.8.8:53 | j8uxpv9.x.incapdns.net | udp |
| US | 8.8.8.8:53 | www.helpnetsecurity.com | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 8.8.8.8:53 | td-ccm-neg-87-45.wixdns.net | udp |
| US | 8.8.8.8:53 | www.majorgeeks.com | udp |
| US | 8.8.8.8:53 | www.helpnetsecurity.com | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 8.8.8.8:53 | readthedocs.io | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | j8uxpv9.x.incapdns.net | udp |
| US | 8.8.8.8:53 | td-ccm-neg-87-45.wixdns.net | udp |
| US | 8.8.8.8:53 | dyna.wikimedia.org | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | img.shields.io | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| FR | 142.250.179.106:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 104.21.80.27:443 | img.shields.io | tcp |
| US | 104.21.80.27:443 | img.shields.io | tcp |
| US | 8.8.8.8:53 | img.shields.io | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | img.shields.io | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.21.80.27:443 | img.shields.io | udp |
| FR | 142.250.179.106:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 692e00da49c3a3327b57c711783e7a73.clo.footprintdns.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | baffddd929051a4ffc286648e9c94108.clo.footprintdns.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 204.79.197.222:80 | baffddd929051a4ffc286648e9c94108.clo.footprintdns.com | tcp |
| US | 8.8.8.8:53 | a-0019.standard.a-msedge.net | udp |
| US | 8.8.8.8:53 | a-0019.standard.a-msedge.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 2aeef27c643096afe2cbb634d0c8a19a.clo.footprintdns.com | udp |
| AU | 20.36.77.107:80 | 2aeef27c643096afe2cbb634d0c8a19a.clo.footprintdns.com | tcp |
| US | 8.8.8.8:53 | cbr21prdapp01-canary.australiacentral2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | cbr21prdapp01-canary.australiacentral2.cloudapp.azure.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| AU | 20.36.77.107:80 | cbr21prdapp01-canary.australiacentral2.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | 222.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| AU | 20.36.77.107:80 | cbr21prdapp01-canary.australiacentral2.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| AU | 20.36.77.107:80 | cbr21prdapp01-canary.australiacentral2.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | snapshots.x64dbg.com | udp |
| US | 104.21.13.7:443 | snapshots.x64dbg.com | tcp |
| US | 104.21.13.7:443 | snapshots.x64dbg.com | tcp |
| US | 8.8.8.8:53 | snapshots.x64dbg.com | udp |
| US | 8.8.8.8:53 | snapshots.x64dbg.com | udp |
| US | 8.8.8.8:53 | 692e00da49c3a3327b57c711783e7a73.clo.footprintdns.com | udp |
| US | 104.21.13.7:443 | snapshots.x64dbg.com | udp |
| US | 104.18.13.149:80 | sourceforge.net | tcp |
| US | 204.79.197.222:80 | fp.msedge.net | tcp |
| US | 8.8.8.8:53 | a-0019.standard.a-msedge.net | udp |
| US | 104.18.13.149:443 | sourceforge.net | tcp |
| US | 104.18.13.149:443 | sourceforge.net | udp |
| US | 8.8.8.8:53 | 149.13.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.13.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.fsdn.com | udp |
| US | 104.18.17.56:443 | a.fsdn.com | tcp |
| US | 104.18.17.56:443 | a.fsdn.com | tcp |
| US | 104.18.17.56:443 | a.fsdn.com | tcp |
| US | 104.18.17.56:443 | a.fsdn.com | tcp |
| US | 104.18.17.56:443 | a.fsdn.com | tcp |
| US | 104.18.17.56:443 | a.fsdn.com | tcp |
| US | 8.8.8.8:53 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 104.18.17.56:443 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 56.17.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| GB | 84.17.50.9:443 | cdn.consentmanager.net | tcp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| US | 104.18.4.227:443 | c.sf-syn.com | tcp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| US | 104.18.4.227:443 | c.sf-syn.com | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | 9.50.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.98.230.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.4.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
Files
C:\Users\Admin\Desktop\cooked\BlackRock.exe
| MD5 | fb74ea83b0013db659ecaf1ea222b7f4 |
| SHA1 | 17330d6bdd9ab973d8a0a0293202a8343a2440d3 |
| SHA256 | c413dbc4dc71a512432bfe2d64b3aa0e8344000a0daa88d6020a76e01018d1a7 |
| SHA512 | e22c2f582babb9e76917903e1df60f76c0c8d30604ccc2c87e56e875aab2ae584e9afcee4575c449abd030e8613b17b4b8ce14fb15fcd3cdd4dd22f1ff3bb238 |
memory/3680-14-0x00007FFFF2933000-0x00007FFFF2935000-memory.dmp
memory/3680-15-0x000002AABBD00000-0x000002AABBEAC000-memory.dmp
memory/3680-16-0x000002AABC240000-0x000002AABC241000-memory.dmp
memory/3680-17-0x00007FFFF2930000-0x00007FFFF33F2000-memory.dmp
memory/3680-18-0x000002AAD6460000-0x000002AAD64D6000-memory.dmp
C:\Users\Admin\Desktop\cooked\ScintillaNET.dll
| MD5 | 46c84ded17d245234617918c27afd4f7 |
| SHA1 | 3619b22c33e6146c3d3c4f1e76ff61cdf35e5bb4 |
| SHA256 | 4779af90d40a141a6fa9ac8e75611fccc5e240f20f34d560df7a8bdc05ca27bd |
| SHA512 | 04948e1e3e99d769054f318a7637740012c75c0b2b0dd1618e94acea308c871a7fc2902ca3fe4b83902a1a86e986e2849f7341c37f8ae1cd99c6529b49328a25 |
memory/3680-20-0x000002AAD6640000-0x000002AAD6794000-memory.dmp
C:\Users\Admin\Desktop\cooked\Newtonsoft.Json.dll
| MD5 | 195ffb7167db3219b217c4fd439eedd6 |
| SHA1 | 1e76e6099570ede620b76ed47cf8d03a936d49f8 |
| SHA256 | e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d |
| SHA512 | 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac |
memory/3680-22-0x000002AAD67A0000-0x000002AAD6852000-memory.dmp
memory/3680-23-0x000002AAD65E0000-0x000002AAD661C000-memory.dmp
memory/3680-24-0x00007FFFF2933000-0x00007FFFF2935000-memory.dmp
memory/3680-25-0x00007FFFF2930000-0x00007FFFF33F2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\pending_pings\25bef0dc-e869-4e59-a8bc-3a391d513c3c
| MD5 | e4f480a8c08bfa69b1b291149c07117b |
| SHA1 | 2b31264ce8031010a4727f1925e081d0f47b8fbf |
| SHA256 | 04c09df8dc0a30c1cd6046b7afc62190bab2d01f95676ae1f8511c030e7b8fd0 |
| SHA512 | 2d092bdcd3e48f61e9f56495ca1a22757773737ecd103cd97b686f95e0487dee14331e40b5b686b1d7f98df26f3609eb3698a6632f943f12c898d5ad2125e379 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\pending_pings\a669d258-d58d-4b89-bca8-e776de03cb3b
| MD5 | 3429b281ee995fdb65568077318d27a5 |
| SHA1 | f8f77887810ff2057b1ddaf7acd65af87e4f75d1 |
| SHA256 | fdd1753fa7196e532d4ccb3540ae412ac147868850e35feef81053d505dd0c25 |
| SHA512 | 7596383cd1dbd68ae90c7e7615b9084afa0379bb41af31bd30e56e65fa8f354250721a060bc639a14f940dc3816654897a0282d5a9d2e8cecb3982ef5c029e7d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\pending_pings\042030e9-f2b4-48d8-9ee9-61c277f78923
| MD5 | 9b44d43392fd5e74fec1f587fc01c073 |
| SHA1 | 2845bfdf32a5ad3ad2edf329a2645bebb353cece |
| SHA256 | f92f5c325e297bc45061a703ad8a978f681e929968ce072ebfeb45e70a10ca94 |
| SHA512 | 5c75e0626d857277d0b7e8c3ddfa44301997a4290ce04b27a7f951a81978ac4c9c87a4ef247071c169f0b3c527dea289218e640fc317093e12d5af303091984e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | d9be3c7a22eb496390acb9d43bc8a4a5 |
| SHA1 | 34801e0437f05fcf67c232fc71096952a4d09383 |
| SHA256 | 60cee212763b678387ddc83f9788865ef465a1b9710bc650f17fad81f396d8bb |
| SHA512 | ae6ab8200da7e9a48c386d9b81c9e25dfbc15d38f6d1a6d20803f654087db68b589525617f33c79a4456454f8850d76dc1436debbf970c63fb6d97d4aeb1f71f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\activity-stream.discovery_stream.json
| MD5 | 8a9c1e63206f20fdbe871a5dee322d4f |
| SHA1 | 1c9c506dfb502b1e1d42eadad6d606ef37f3d455 |
| SHA256 | 3b7cc366504525ef3ce4a896447fff6e78d1d00587c4915fafa3f087b4745054 |
| SHA512 | 4bfb20e6b6caf74a902122b3b78649eefca45a4b05b19e9f5f2b2dc6587ac1255556a7a1db8ae655c68f68bee5717f78a7de04174b28370f3e8082b9223c021c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\prefs.js
| MD5 | 572007d385caae3ca65a53d0ac80af90 |
| SHA1 | b3d22ec78774f29fa7bb60a521c41713c6315ed8 |
| SHA256 | b11c86c81da3d66066aefa73aa3818f7f6596109875b5abfae63f419ba4576c9 |
| SHA512 | e0da49121564c61fb2906491abd7e104e81a9d5ad74b1a6be785ee014e472873c0e577215b063e052aeb82df529f9ff94650a3d14a66064081942c76bb14485b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\AlternateServices.bin
| MD5 | 7be02750fb5cd234cfde805c713e87f5 |
| SHA1 | eb263219d6909bbd09cb2db1accba86ead6385d1 |
| SHA256 | 527f4b4d3a0d39f4d6a77892850e46815e521e5e6bd8fd7efeba739f9cbde5f3 |
| SHA512 | a6c8be4a0b7bd4970a079e6cf4d0b7af671289f4f147e8ac2c14eab9769fd75324067240f874b8a3ef8a15197e564ce99190821a17a620ed4682e4ce0fee383c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 9250119e1240489c15ec21624e8aacf9 |
| SHA1 | 3677dea1d240b6b3552a4803e24bf8537bc33da3 |
| SHA256 | 61dc6bd80a84aa6ab25ab851d8b6e9f9f77380453259785161fe421f8eb22082 |
| SHA512 | 98c8792c2ab3511f404611c70151f5bcf4a24f11c492a24e5764967b89468fea35d245ea61150d55e88e4ebb605d283ee25536d3bd3a8fc052e7e4fce293476a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | d90c2f98d5eae88992c75bc5c250a30a |
| SHA1 | cd37be23d4beb1b76e41acdc936f7028ff269e3c |
| SHA256 | ba36bcb36f9d116a33eb68bfc32e276658fd28556d2d833624a65ffc1185d656 |
| SHA512 | 74cb201214299583019a61c1d57d8ba31180d5e26ae516d168d699ab19711bcc166857693391e956ba65755e5c79dd212ee54d7d15a8f2a95d9b5703fee25195 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\prefs.js
| MD5 | 20572247adeeb0ef6cf566cdc18440d2 |
| SHA1 | 502b98633af4c5d539736eda485802595a1f3ae9 |
| SHA256 | 2fa1e8bd3a89f3dcf38762ba0da2e6e535972e734d120a045ff323d65bd997fd |
| SHA512 | 6ac0d942bf05ae8ec8056b7f5b1e917e62a6512215bce3ddd471acb72e2c3eee653971d90ebd67d115a2f8c22917e86d6a79e88ee993f630add6ab3b487339d5 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\prefs-1.js
| MD5 | ce506d2d455dd6416244a235e95aa782 |
| SHA1 | 3366879ff5fb4534280cf4927c0b76d3f0c826d2 |
| SHA256 | 82ff13d440b89f7d9437178f47d84b4a53205880fbcccf35794e7eccb90258ad |
| SHA512 | bbc194d29e36c1fcfd38e100335020265848e991be0a0ba4726d328cee9685a222ce4d9ea01240fee9ef2fa9a8885c0b5a529d6d22629f043d83de9d3a227d8c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\AlternateServices.bin
| MD5 | ffc24fdc3201258e54d1f99d05a8ad80 |
| SHA1 | c46b612854908a2b09dbdade8d08c2904e296d0a |
| SHA256 | b4c8a92eb2c52bba723fbf5ec19c56a2cfaadb8d2e43e2267e48f730485794a0 |
| SHA512 | 11b9e9d5b3b591c8bc2585ef889dacb6b2525bdf831b339112acd9a512e102c99ed0d33e06ffc60715e80cdb65dcef6fdde3fc9b74db28206044fe7c3adf6b8f |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 949e2997f366226d09df29553aa90ef9 |
| SHA1 | 29f3447908106b6aa0f59e1777319b78ab879ffb |
| SHA256 | 8b0fd74aefc8ae1acb8da6b52adb01f0cd0be6d437a3958f53940b4193c4de35 |
| SHA512 | 67d0a0ae730a58e8d85984863d0b95ea047c25dc167bd69247a27b64fdfb62ca5787e182da19b4cb178e7f001e68400d26181bf67c232f70889fa0db7d0b9eae |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 0aa33ab8f3f45e463dd0d4afeefbd1a0 |
| SHA1 | 870d2a7f47a2c152a4da19e8bcb0be6491cf20c5 |
| SHA256 | 84e0b723643a5527b3a33ad83fcd736e53df79c2b6c50ea9c66b7f37a357e016 |
| SHA512 | d50e13952cda05865db55fba3830fa69ab0fd0709447db3de232f9dbfd7aec930229ec5fed395b553209b80af8eb95c17ced9ddc8b856dfb3c8be43d5d6209c0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\cache2\entries\F0EAF5000FD9C2A30FD2826A9F349C1386795C38
| MD5 | 02e2c4e2324042580a5499e0496f79d7 |
| SHA1 | 186575678ab4682dc46c284696326b95ee99f949 |
| SHA256 | 065133340660e5a8fb9bf285873d92fce0e18749473e9ab2e2485af77a6a0661 |
| SHA512 | e7070376696fc93b88fad19b2b2050c1d2bf1868048d1a77b7e312733b79f0d381ab1ee3526e0a4631afdd4618743bb282a00eb92a50b37239c70b0d773da460 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\cache2\entries\6751EAF940B45945962F07B498AEF7F97B121D34
| MD5 | a35d2e30f770171a06724b6d78c458b5 |
| SHA1 | 0cdc7580132bce0ac0be053b89a7bf324aa1b697 |
| SHA256 | 4a8234c5d732a955f203d19b7f668d485b06803a2da4356191de89e0ff1e6657 |
| SHA512 | e0241b0b05b9213aa6ce65a0ae6a97012706e7d42c5c590ff61cadcb0f4694fc0d032e7eabf7fab951d4c387dcaeb191689a5c5398c0cce0e9e4401405587854 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\cache2\entries\E3E096661CC12A0FFB4E42A32E6157FAAC411A71
| MD5 | bae4c8aeb6e4a9f05900f8fea13199fa |
| SHA1 | 0f9b7d19bcc6fc2a633b47027a4c358716880177 |
| SHA256 | ce9a8d449ed0dfbf2a699f8bf9b373e3eb8981f08585e27e7e6d12054c2b349c |
| SHA512 | 6d5d8dba4994e1d5a2cb59afbd592b2e58bf0dde643c3a511859b37689f199fc18aad77f88f0cbe01d40eb32245280c82ab181697e574013c729ce73047e855b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\cache2\entries\DFAF798699EE7D2494A7287D4CF123272A2A18BD
| MD5 | 503d2804ec2bcaa5039e081a1aae15c5 |
| SHA1 | 4fc4135f5da6f1772fcfda3bb203cead8baac8f0 |
| SHA256 | 693c3359c0b010b67bdef474c68578c319ef60e629dce6c82c1f8ad086df8513 |
| SHA512 | 0c2e9774037deea23b01f5ed76e1aa7bbe831049eb415a64b932d08156079daf93ec660bbe61f24a740a35f5144db544a72718a2c260400f2c3a2fe007e1810b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\cache2\entries\A316A67D82F673191BAD9C75885EB5E7557D7EFD
| MD5 | 4140b43c6b9bb9e4c430b8ca424522d2 |
| SHA1 | 39ccbdb12d081ca550418c79a731963395c4a793 |
| SHA256 | 0be6d190dc45f09d96204affcd96026143dc2d6880f806c585483dc47e201e3a |
| SHA512 | d6cda27d39e893163f784352dd2268bcd9b79ebc2f3595fa546f1f92bebaf301c56edf4d83697f4414befff70c02ff1a487b52a85867f0243e0ec521f5372b0a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 23992b45711699c149080148527874ba |
| SHA1 | 461f94c1566b86ebca4c40e9747a4bdbb1e163e2 |
| SHA256 | 8349b3ce1994ed44e16ad5cba1e4e485d7aa8b93f0212ecc6d256812012cbd5e |
| SHA512 | 9e37068f5407112e951c031c909b171f6ef0ae10d3e93624f76485319dc7cddfc27dc07ff39ef86d475ed745aa13c7d96e0fd2f7e2c242fa696468de850c9caa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\pending_pings\0cf6285c-8436-4a60-9516-db9c2ab9f657
| MD5 | d00ccb8af4a17883e4444a0c4bf2dd3b |
| SHA1 | 49e3aee118c71ef266465dc0b89ef525352d7415 |
| SHA256 | ab5908b4c79848b319d5026dfe457fee939211a583c79c7789627a2d2dea6aca |
| SHA512 | 804918cefe9004eff99a530d5b427fb00635e071163cc6ec2eac4fda0c82ef189e079d40d1f9c86d824da591cbf813650bc46b58cd6f51d52d24dd86c279970d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 47e8f87684a4a6db6a59efe92dcb37e7 |
| SHA1 | c1b681011081f529e66418ff5d60ea77508495b7 |
| SHA256 | c7f928c7032a0eda5967b7de8665d693eb8f734a6d6b8963e550e3c33f39d99b |
| SHA512 | dfb88b22d377fa246e984e1ef16c845be832c9865cb2c69e8bc4ce595934f4fc152442cd30e9ccd07b56774633edbab1131ff516b990c5c3251f94b1b5075376 |