Analysis Overview
SHA256
775803a6a1f3eabddd92e0930128d0137559b93ec1659dfde48022f0cd25c5fc
Threat Level: Known bad
The file source_prepared.exe was found to be: Known bad.
Malicious Activity Summary
Pysilon family
Detect Pysilon
Loads dropped DLL
UPX packed file
Enumerates physical storage devices
Detects Pyinstaller
Unsigned PE
Checks processor information in registry
Uses Task Scheduler COM API
Opens file in notepad (likely ransom note)
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-07 18:12
Signatures
Detect Pysilon
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Pysilon family
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-07 18:12
Reported
2025-01-07 18:17
Platform
win10v2004-20241007-en
Max time kernel
236s
Max time network
240s
Command Line
Signatures
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1900 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcfdf7b3-9845-49ff-b10d-f89d5896aef6} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed6342e7-88af-42d2-832b-787bc1634d70} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3256 -childID 1 -isForBrowser -prefsHandle 2764 -prefMapHandle 3384 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ea920bc-787b-4fd9-8795-a24f80f1d17f} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4180 -childID 2 -isForBrowser -prefsHandle 4172 -prefMapHandle 4168 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1771e744-23f6-474d-b06a-e29b4672c933} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4936 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4732 -prefMapHandle 4792 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa7da044-ae7e-425e-8f4b-ab55bc5d29c6} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4588 -childID 3 -isForBrowser -prefsHandle 5452 -prefMapHandle 5284 -prefsLen 27176 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b606724-d827-4ef5-b3db-6f9f9e25fece} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5560 -childID 4 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76de72e2-896d-478e-a635-8fcc38c419e4} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5748 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65315137-6f2f-4664-9cbc-07702039ded5} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5936 -childID 6 -isForBrowser -prefsHandle 5948 -prefMapHandle 5736 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33abd967-8193-420b-9ec5-1f3522bdfecf} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6444 -parentBuildID 20240401114208 -prefsHandle 6436 -prefMapHandle 6432 -prefsLen 33452 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {402b59ab-5d79-4d3c-95eb-1c99f631ddd7} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6588 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6600 -prefMapHandle 6596 -prefsLen 33452 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65e1a606-7c6b-48b9-806f-b05d694b3131} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6816 -childID 7 -isForBrowser -prefsHandle 6800 -prefMapHandle 6808 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd6a10ec-5c98-4aca-939a-f39b0259284b} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4612 -childID 8 -isForBrowser -prefsHandle 4604 -prefMapHandle 4624 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5594e51d-cec3-4d8b-807f-a9eb14acabf6} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7108 -childID 9 -isForBrowser -prefsHandle 4172 -prefMapHandle 4168 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {734287e0-36a1-4bed-8496-eff2ae311f5a} 1724 "\\.\pipe\gecko-crash-server-pipe.1724" tab
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\hi.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\hi.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:53049 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 1.97.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.41.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:53057 | tcp | |
| US | 8.8.8.8:53 | pylingual.io | udp |
| US | 172.67.223.28:80 | pylingual.io | tcp |
| US | 8.8.8.8:53 | pylingual.io | udp |
| US | 8.8.8.8:53 | pylingual.io | udp |
| US | 172.67.223.28:443 | pylingual.io | tcp |
| US | 172.67.223.28:443 | pylingual.io | udp |
| US | 8.8.8.8:53 | 28.223.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | api.pylingual.io | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 104.184.140.42:443 | api.pylingual.io | tcp |
| US | 8.8.8.8:53 | api.pylingual.io | udp |
| US | 8.8.8.8:53 | api.pylingual.io | udp |
| GB | 142.250.187.238:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.140.184.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.54:443 | i.ytimg.com | udp |
| GB | 142.250.187.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.187.230:443 | static.doubleclick.net | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.187.225:443 | photos-ugc.l.googleusercontent.com | udp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uncoverit.org | udp |
| US | 76.76.21.21:80 | uncoverit.org | tcp |
| US | 76.76.21.21:80 | uncoverit.org | tcp |
| US | 8.8.8.8:53 | uncoverit.org | udp |
| US | 8.8.8.8:53 | uncoverit.org | udp |
| US | 76.76.21.21:443 | uncoverit.org | tcp |
| US | 8.8.8.8:53 | www.uncoverit.org | udp |
| US | 66.33.60.35:443 | www.uncoverit.org | tcp |
| US | 8.8.8.8:53 | cname.vercel-dns.com | udp |
| US | 8.8.8.8:53 | cname.vercel-dns.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | 21.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.60.33.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 13.107.246.64:443 | s-part-0036.t-0009.t-msedge.net | tcp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c-msn-com-nsatc.trafficmanager.net | udp |
| US | 8.8.8.8:53 | c-msn-com-nsatc.trafficmanager.net | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 197.249.227.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | api.uncover.us.kg | udp |
| US | 104.21.80.1:443 | api.uncover.us.kg | tcp |
| US | 104.21.80.1:443 | api.uncover.us.kg | tcp |
| US | 8.8.8.8:53 | api.uncover.us.kg | udp |
| US | 8.8.8.8:53 | 1.80.21.104.in-addr.arpa | udp |
| US | 104.21.80.1:443 | api.uncover.us.kg | udp |
| US | 8.8.8.8:53 | api.uncover.us.kg | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | 169.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 104.21.80.1:443 | api.uncover.us.kg | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 4.227.249.197:443 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 4.227.249.197:443 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 45.112.123.126:80 | gofile.io | tcp |
| FR | 45.112.123.126:80 | gofile.io | tcp |
| US | 8.8.8.8:53 | gofile.io | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| US | 8.8.8.8:53 | 126.123.112.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store-eu-par-3.gofile.io | udp |
| FR | 195.154.100.94:443 | store-eu-par-3.gofile.io | tcp |
| FR | 195.154.100.94:443 | store-eu-par-3.gofile.io | tcp |
| US | 8.8.8.8:53 | store-eu-par-3.gofile.io | udp |
| US | 8.8.8.8:53 | store-eu-par-3.gofile.io | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.100.154.195.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 4.227.249.197:443 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 88.221.134.209:80 | a19.dscg10.akamai.net | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus-d-sc.eastus.cloudapp.azure.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI12002\python313.dll
| MD5 | 13e0653e90a091bde333f7e652ac6f8b |
| SHA1 | 130f3271120487b4aac482af56f4de6673aaaeda |
| SHA256 | a89f9220c5afcb81b9a91f00b3bea9ed21ebd2cbae00785cbc2db264d90c862c |
| SHA512 | ad513df8f9a53cb3a8e5bc430a977c4079e7d7547fce43fe29288988ee458ff2ea922eb979582fe4c276e58cd6ef8d771bf6535170554b82c5d54d87caaf5366 |
memory/4940-1101-0x00007FF908D30000-0x00007FF909395000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI12002\VCRUNTIME140.dll
| MD5 | 862f820c3251e4ca6fc0ac00e4092239 |
| SHA1 | ef96d84b253041b090c243594f90938e9a487a9a |
| SHA256 | 36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153 |
| SHA512 | 2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\base_library.zip
| MD5 | 18c3f8bf07b4764d340df1d612d28fad |
| SHA1 | fc0e09078527c13597c37dbea39551f72bbe9ae8 |
| SHA256 | 6e30043dfa5faf9c31bd8fb71778e8e0701275b620696d29ad274846676b7175 |
| SHA512 | 135b97cd0284424a269c964ed95b06d338814e5e7b2271b065e5eabf56a8af4a213d863dd2a1e93c1425fadb1b20e6c63ffa6e8984156928be4a9a2fbbfd5e93 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_ctypes.pyd
| MD5 | 820451c7be66ef544219c74ee35007d0 |
| SHA1 | 0e3e3cf7659eff9d46072614461e71076d14dd3e |
| SHA256 | 90777ea54bda95e8787f539e49a8e56c9228b1059bb4e47935799d55d54cf53e |
| SHA512 | 092c741f1081c5e9c5aec87252561e6b30b7513bc0aa93df2ea85d8f50eec7a1918c6a7c09c682175a04e09649129cd7d07cfaa24967295a2a1f893bc080a45a |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\python3.DLL
| MD5 | ad2c4784c3240063eeaa646fd59be62c |
| SHA1 | 5efab563725781ab38a511e3f26e0406d5d46e8d |
| SHA256 | c1de4bfe57dc4a5be8c72c865d617dc39dfd8162fcd2ce1fac9f401cf9efb504 |
| SHA512 | c964d4289206d099310bd5299f71a32c643311e0e8445e35ae3179772136d0ca9b75f5271eaf31efc75c055cd438799cef836ed87797589629b0e9f247424676 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\libffi-8.dll
| MD5 | 013a0b2653aa0eb6075419217a1ed6bd |
| SHA1 | 1b58ff8e160b29a43397499801cf8ab0344371e7 |
| SHA256 | e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523 |
| SHA512 | 0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099 |
memory/4940-1111-0x00007FF91C5D0000-0x00007FF91C5DF000-memory.dmp
memory/4940-1109-0x00007FF91C5E0000-0x00007FF91C607000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_bz2.pyd
| MD5 | 041c3a1ba71868d4daeb6d0906a38b28 |
| SHA1 | 8aa225f0fc86534c2c6526004afdb5d652717daf |
| SHA256 | 025ec23249cb7fec75178b51627fbb57bbe1f55adb294353e22c4ce153801345 |
| SHA512 | 54e790335fe76505c710b7039bbcb37b25d4325b279e216135b75af9221cc3061b7cf55fab8b3fb5c684af9890c6394bb4a44d7e27a667aefeb5b50144bd7608 |
memory/4940-1115-0x00007FF918BD0000-0x00007FF918BE9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_lzma.pyd
| MD5 | 00e041a28fc678b2f474808a57445730 |
| SHA1 | bc9978a238ef64de05ab875ef6683668cd1185ba |
| SHA256 | 2837e89c9223d5c810c61ed1f866c662189d2543af9a6f75d75e7fb564f32316 |
| SHA512 | c71954efff4e29b9c0ac33373062e7c7bbb4e5ad02f75264765e077a1445821a4891e0a50722cd975cc27d489e873f0e1f4cba2e0b24ac75f8601efd8892a4f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_hashlib.pyd
| MD5 | 9451d1af86aebc8cc5afeee722ca057f |
| SHA1 | 797c3d1c2560635646f520c9660495b4ca52f567 |
| SHA256 | 469699516ce6bab5dac11458c6d72287987139c662d650d4ff0325b95edf1a37 |
| SHA512 | ab27813e03654b0027ecc1fc89eef8997263cd10f3e0b8ccaa9213528c21c244a785a0418bd0aa162fd4dd5b8ef8f43b398b08f03c10f25cfa84f7cb30c3cb9d |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\libcrypto-3.dll
| MD5 | ecf92d1e849c1a4b89ed9dac0c2d732d |
| SHA1 | bd2dbf194e9c891f27ef5b4521318d3804f76425 |
| SHA256 | afc166f8f1906cd75b4de9f7c72e92e36e4282437a02fedadb5ec3145c33c3a1 |
| SHA512 | 44e3d6b37a11b715efb77c28c1c4fca4c25ba7f663183bcef4ba52e9c5271715f43f7b22b6307c6d8788c1ea4e8b709060b0a711aeae249164ba7bfd1d571f89 |
memory/4940-1144-0x00007FF918B80000-0x00007FF918B94000-memory.dmp
memory/4940-1146-0x00007FF9087F0000-0x00007FF908D23000-memory.dmp
memory/4940-1153-0x00007FF918B40000-0x00007FF918B58000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI12002\psutil\_psutil_windows.pyd
| MD5 | ddb71f0a1367202aeb5b84e981a0ffa3 |
| SHA1 | be218c8c7be7fc35d51d2fd6bc42fc6bd964b1fb |
| SHA256 | d426f7f1432ec3c223a6186925d25439dd5d7e7b5a050f63b7bb6b240c02a7aa |
| SHA512 | e4c0cf7e5302db930313805008280b2e1485d545596d2693306f01562c17fb5dd4e293eae7da9be62de65e0fa89b5a1c85ef9b574e1cc3d6c5630a74ddab4833 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_ssl.pyd
| MD5 | b42dca9bc4fd061f569b1be103569017 |
| SHA1 | b7c90c9745609db1628635d2fd24c18765e0b783 |
| SHA256 | 9db89d5ae27e94fc52e27c8d5237388fb3216cee03e26b40b8b9269ae80dd56c |
| SHA512 | 5923bab51efa9d6b498a44332fab4101691cf7c5f8045a5325c9269c5dbe619ebcece13cb1244eca8289d8e6efc5d595010f5365fe69605797d358a97b299551 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\libssl-3.dll
| MD5 | 5b63295552454d570281d321e4ca7266 |
| SHA1 | d849e5c470d63953ec55f2d732fd6f611cb2c655 |
| SHA256 | cff180ce2bcf7daa19d6f3702e416f54a55eebfaff382f4b6d8ee00c0954b861 |
| SHA512 | a2286ca195b5a8287e8fbee6d20678e3bbefc7eb20f89e510bc94801239d08c8ea620603254fbfc6c6c0d5306dc38dc1f78a675d62e9bbb8a625ec4f7b894930 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\unicodedata.pyd
| MD5 | 76881bdbbb48838e8a36f64bec40fb80 |
| SHA1 | 104a38c9c2511d871cd45ef277faac1e759088f6 |
| SHA256 | 25eae5b47bab5298671b93d9b53e50ebe22297baec244f9ba6e1931dab5b933b |
| SHA512 | 57e31c51813da51b6a79fea08078066385febfc9d98c2dac3a89d174042073c7b6435817786fc7de331f4af40d8589623da267f43bab011e998a201c1b334133 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
| MD5 | 9208758928c24cb740814f165c5786c5 |
| SHA1 | ea0b69e885025828b01feab2914aba6f1e41c201 |
| SHA256 | 2b6122c6b98155587a7da8a1dcbca4a35d17afbac6302ee52e04e3388ef85a24 |
| SHA512 | 4ef7a1126c99351e82cf943787586f65b2dddfd0b42f98eddbdf1cc69a20b5467971ad36da5fc4203683e33249fa6ee1bd5a0de9563d90f7f1b7c504d9dfe4f8 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\charset_normalizer\md.cp313-win_amd64.pyd
| MD5 | 499b4daf2025955396752d47aa542cbf |
| SHA1 | 40eda0bfe656c8dedad6483ff6dfcde4a3c09dee |
| SHA256 | 2d500e623d0050012e3b029b6c1814e2464ea9941d07208d6daf0ddcd5adbd99 |
| SHA512 | 6e39a8b0ce27eede4d866b793c74c8e40c98739d3862f68aad28100f33f681e7a94e21942e0d03e1f06ee5d54d500796f54873b5ab149ef1428a831a7d367c1c |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_queue.pyd
| MD5 | e407184680371e5c373a6faa1f108eb5 |
| SHA1 | f077adfa699a0c9cf8581c49d36133d76b154f9c |
| SHA256 | 4bcdabc2324bf8c58d6df755849b9c1aec376aa791f5f489a09d721862587d8a |
| SHA512 | 02f9a791d787f72be2fba6caca49ebbf1612182569818d76853e8055102b2509aa63765d28b0ba1cf2e8a8cbca61294e0786c47c8ae031ded01a90a1ed9dd5cf |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\certifi\cacert.pem
| MD5 | 52a8319281308de49ccef4850a7245bc |
| SHA1 | 43d20d833b084454311ca9b00dd7595c527ce3bb |
| SHA256 | 807897254f383a27f45e44f49656f378abab2141ede43a4ad3c2420a597dd23f |
| SHA512 | 2764222c0cd8c862906ac0e3e51f201e748822fe9ce9b1008f3367fdd7f0db7cc12bf86e319511157af087dd2093c42e2d84232fae023d35ee1e425e7c43382d |
memory/4940-1169-0x00007FF91C5E0000-0x00007FF91C607000-memory.dmp
memory/4940-1168-0x00007FF909680000-0x00007FF90974E000-memory.dmp
memory/4940-1167-0x00007FF9095C0000-0x00007FF909673000-memory.dmp
memory/4940-1166-0x00007FF917DD0000-0x00007FF917DF8000-memory.dmp
memory/4940-1165-0x00007FF91AC80000-0x00007FF91AC8B000-memory.dmp
memory/4940-1164-0x00007FF91C3E0000-0x00007FF91C3ED000-memory.dmp
memory/4940-1163-0x00007FF917E00000-0x00007FF917E33000-memory.dmp
memory/4940-1162-0x00007FF908D30000-0x00007FF909395000-memory.dmp
memory/4940-1151-0x00007FF91C5C0000-0x00007FF91C5CD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI12002\select.pyd
| MD5 | 2cee7de8fcb3d3dbc4c556b0ef6fc714 |
| SHA1 | f9c6af3856940b2673915fb59921dc8310c46e0c |
| SHA256 | a0eaecc78e90a413c6f8b3f062a16c1c22ee517e81f2f56e4ff9746d952709e2 |
| SHA512 | f40ee75921ae6ddb65fc09d144ea2e79c91ca016382d1f21558c0ba479f5aabd41277b0c0d0aa37fd002a78acc853efdf8ded36bd1658be659c7a04349a7fca6 |
memory/4940-1148-0x00007FF918B60000-0x00007FF918B79000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_socket.pyd
| MD5 | 15292148065dcb1a3a676cfb0fba9252 |
| SHA1 | a22013b8565e6e1c5002b5cedcb9e016ce0e5ed2 |
| SHA256 | da7535cd642d3471e4a1f09502990bc1a48f481410191120b63d4f72e92889df |
| SHA512 | a51bb276e81c6d12f8c10fff5a835fdff72461567a963f5d5e00c2228d9cb9b749c4ec7bf0e4e771f7260532c54ccb30dc761d3806393e9b3888fa65ee710014 |
memory/4940-1142-0x00007FF918BA0000-0x00007FF918BCB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_wmi.pyd
| MD5 | e8db577f519980870f7654f01da421a5 |
| SHA1 | 4a885bfded4ffdc343f716ba0ce23f9e8c404a06 |
| SHA256 | 2d695f830a3db82bc8dc95ef026128def3fccbc883daff1c642e3563a56b4035 |
| SHA512 | 40739aec59851350b9e40405762b9c6e7caba2331ac8ab72ecc704950eea2ddabd48609788b02a3fe2eac18a63d32c8b19eddf83ca3dd4a41019ad22d900b005 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_uuid.pyd
| MD5 | b5f2d9353f758e1a60e67dac33debdd2 |
| SHA1 | edae6378d70b76846329fa609483de89531bcf16 |
| SHA256 | cde836ef0bde1c15c1c3750de54b50d2285864c512abbfc9e2c94f0ff5aa5ca2 |
| SHA512 | 9d780a8ec760c6bae3b53079c9a0670c7cbf2af6aababda0234ee71c5e0546b501cbe9666d973eaa28fb7fb7285814ecfece98d20cf4a86d3aea9a61a8120397 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_tkinter.pyd
| MD5 | 1cf9b90a97c2bedb287cb17b8555ca1f |
| SHA1 | d4f9c64b3589720fb3fea8344b77382a594bf81c |
| SHA256 | 3d3e6d8a414cb3012dbe89a53f8ca4b0317369fd596374b0e630ee2c895d6ffa |
| SHA512 | 026b13aea982f706522d69e0e8ec8acd45bb585b0eb21a6cc63e072909573ab9c7d0628640a7bdfbcfd41585f60017c788195d2373ff95bbff0e307f1395aeba |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_sqlite3.pyd
| MD5 | dc4f17455b3f1a3dae32a156c63c1c4c |
| SHA1 | 377ecf0d82afa7e08c42aadb1f00689ff3ed8fa5 |
| SHA256 | b56a004c7c5aaf090c59ea042772ed5843389778281614e1403258e655bfbbf0 |
| SHA512 | b32d8a795c4d7c888d9097c6970da2fcbe63eb6bf64211d677f850c6723521f0da09ea6b507ef57b891123b720c55919e53ff19dfcf2b5297d1fddb77dab84b7 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_overlapped.pyd
| MD5 | 0180bef91b8bb60482d47b262aa2d1ba |
| SHA1 | 081cc0cd82e139186b85925b0c7900d3bc6ddb0e |
| SHA256 | f438edcf20ca33551ceb13098e286867fd38faafe641faabb6cdd4989c0f4839 |
| SHA512 | fd28c249ebaba6024722a11ee8b59ddc088ef9f98ae80253262f0f91311f38c2a1e30f0b66ad2093746f0357ada04914df24df7a5c5a8a609d48b22190c1f93b |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_multiprocessing.pyd
| MD5 | b0ef20eb26df702d73b6031d7133afff |
| SHA1 | fedf6bac4fecb2ecd3629d089351963ba1cf5a62 |
| SHA256 | 06f031aead975e49c9b27e24a400ad5da0db36e49bc872f908b1e78af3576312 |
| SHA512 | 47d3be3d2c90cb43ebeb06f73a8aef802f0c3a8c6bb94b650db46280320b546ebfa770fea074a70664fabb1b3a1a1965ba88dd0008b33625556618527d4c7354 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_elementtree.pyd
| MD5 | bd959756587cc307f27ebbe0be66a0ed |
| SHA1 | c8c9d41dccb2185ff3e75fc50942f6de62884090 |
| SHA256 | cb0b8c8b085b72382c5d525fd4222a07513eccc941f85670eb48f848aedb3025 |
| SHA512 | e17f58ec0178ab3481c0a59ee5e78bd1dcbb91865a153afff4e664c57494107a26336217558b89099709eff7de88290e849ce77c0439f370bd2037258701cc88 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_decimal.pyd
| MD5 | cdf3648d66e392f550790fd3ed25d9de |
| SHA1 | 13c7bfd51f28b956afa136d1f0f85bb526180c71 |
| SHA256 | 80c10c4e57f4e5ea08a6886b1906adb56477d366fe6264110e9c9752865caee2 |
| SHA512 | cd08300405d5e26f24d9770c9706b8f77aa9feaa5863c73c1aa54a3b28512656ac4ea9b98de1343a3aa3c8722726402b566db3d38f6f7428e4aa4f9fda1313de |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_cffi_backend.cp313-win_amd64.pyd
| MD5 | 345b9e4fe71e70b8188a739bab2f6163 |
| SHA1 | 3c88da659602a8dfb07602e36221ab4185010530 |
| SHA256 | 56dd9d1092fffdefc47b5963ee9d8ba2a9a8270d959fe00d43e927300abdee94 |
| SHA512 | dd929cf31678924435736011cdb06a2cf77cbac300874621bda1f67f7857d1aa84523d15231891eb74f66019efa4d0e7aee640f92293436205cddc74062ef899 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\_asyncio.pyd
| MD5 | c5031bc5c34e95446adb68cba92345d3 |
| SHA1 | f524fde03dfef13799d5ddb4758a7386031580d9 |
| SHA256 | 863696947c1988772f279581619017fa6995123c4db6f32298aa43f481952abc |
| SHA512 | 12223fe85d78f1d714095669966d6d8b0af98410b55034cc36c47e2c2334db23e79bbf007214e3d48d49f30516dd44382431b7fbf04f585931b66057f777b98c |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\zlib1.dll
| MD5 | 946e3c39f3e72090c4d6e304c07d5a1c |
| SHA1 | 28fb74f480eda8f5f6fd8fbecf832055dee3164e |
| SHA256 | 811157c4231e149926e8ba437023a28af116c324ece44f0bc67ae65773e739ea |
| SHA512 | fca05186cf2154baca574ad32c98a1ff6a74ab5c0e628e458c4750d86791283bd84f11e0d6b683afd20612dc9eb5af9ec76db614dec0a9bdb655be43ece00953 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\VCRUNTIME140_1.dll
| MD5 | 68156f41ae9a04d89bb6625a5cd222d4 |
| SHA1 | 3be29d5c53808186eba3a024be377ee6f267c983 |
| SHA256 | 82a2f9ae1e6146ae3cb0f4bc5a62b7227e0384209d9b1aef86bbcc105912f7cd |
| SHA512 | f7bf8ad7cd8b450050310952c56f6a20b378a972c822ccc253ef3d7381b56ffb3ca6ce3323bea9872674ed1c02017f78ab31e9eb9927fc6b3cba957c247e5d57 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\tk86t.dll
| MD5 | fe0d1b988dbbfafea11bf2749d4b9be7 |
| SHA1 | 2d16476968fb625e6ace43c9d460de29a12c6448 |
| SHA256 | 7390d7085f1676b305fc5ca82e4f0100f66f10a52cd6c3e8b9eb18f7d1f7e7d5 |
| SHA512 | 76990274b88e4dd16f5ea72c3374b6c1d65369d03f0665bcd39ac491fdab18aa9810fa4ea20cd1ecdf0785562654c6951adcf4b3ff9c7072b97a6eb9938f24a1 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\tcl86t.dll
| MD5 | a4e87ae80147dbcbdc8dccd621155111 |
| SHA1 | 9627d351dc62033e70b874039646517097a597cc |
| SHA256 | f351c924298cb79277e4b2e31383134871d3289731e2c0ac1f80fa5f956d895b |
| SHA512 | 06427faec363c2d33dc6c2f1d1f581efe386e0f35e193fa0d9d16844cac129ad09f9b0f95e60818193d193651c97752465f05bf74feb28036f21464bd42d685b |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\sqlite3.dll
| MD5 | f248ea87e0a706a8d0f684aa8e669e7b |
| SHA1 | f766c1fcaec1d6cb3615a05a1cb1518299ba6033 |
| SHA256 | e73f6ab56e6775df160dd54f763e58b8b8c704f4d6cf7c99c2a26b900680cfd7 |
| SHA512 | 394eca85ffbfe3c2b74204b0f53c315e8222629d7fe11e1d699b045421125d0cb5a81e612221c5ac191bf258584ea81e5a657f10a0abff6d8bbc3726925860ce |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\pyexpat.pyd
| MD5 | ae04c639b594155249d5c46706168c8c |
| SHA1 | 05a4699704ca070f338a3e6c03216cd2556bcdcf |
| SHA256 | 0c38d13d0818eb9091cd8311d1b162c6387dad0fbc08789f7bc2027ce2f55a04 |
| SHA512 | 600b0b585f4b02363ae62a4d9910db4e3bafbe1c546e86e148fc880fe760c01a966517969f52f84e5486c41392dc43e48211aa2db34c48c5d57adad3e8ae95f0 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\libopus-0.x64.dll
| MD5 | e56f1b8c782d39fd19b5c9ade735b51b |
| SHA1 | 3d1dc7e70a655ba9058958a17efabe76953a00b4 |
| SHA256 | fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732 |
| SHA512 | b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\Crypto\Cipher\_raw_ecb.pyd
| MD5 | 1dfafb0703e7e2a4c69b07dc26e02d6a |
| SHA1 | c81d67803d11661b95c5deb3bf67bf012b0042be |
| SHA256 | 3814206c295e84122211f8d123a2467005acb18e48bf3cc8d673fedd26680313 |
| SHA512 | 816d3b71e3a5f40131073048afbe303fe75ca86a027d5485d06114be05ae2df01242ed9dfafa7c93ca0f8e79a77c20d5257fc7a22bacfff7d9bc60ce7d07bbc4 |
C:\Users\Admin\AppData\Local\Temp\_MEI12002\Crypto\Cipher\_raw_cfb.pyd
| MD5 | 778a2ded9a84ad9759141c285e915b11 |
| SHA1 | 2915fb4ca42d79ee32859d67c1299c0e4dfc32e7 |
| SHA256 | bb6d327d0e42d953a318a7a97953b0e530a0164a610fcab9a098ef9b407ee8a7 |
| SHA512 | 4c3f7945f97a57f74765e064050cfb6a1dd6abcffe1e2a8ce19132709c1dc554562efe188be4357202b6e3ea1998dc75cca4804684b47904547044db5574be67 |
memory/4940-1183-0x00007FF918540000-0x00007FF91854B000-memory.dmp
memory/4940-1182-0x00007FF9186D0000-0x00007FF9186DC000-memory.dmp
memory/4940-1181-0x00007FF9186E0000-0x00007FF9186EB000-memory.dmp
memory/4940-1180-0x00007FF918920000-0x00007FF91892B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI12002\Crypto\Cipher\_raw_cbc.pyd
| MD5 | 270fd535f94a87b973874b33f35e5af8 |
| SHA1 | bb7113a47070b629e878502fc1d929879850856b |
| SHA256 | b7ab0516b698a9f4ef50f08ef53af907c83d841d117af16ca742b7e186d3ef51 |
| SHA512 | 829dc409327562736b7d58df6e5e78e8e7595b08fa2c5a993a595032386946ccdf1ef62311c44ffbc31c41165511b40251457a0cf7b92ecec3342850876e5d31 |
memory/4940-1173-0x00007FF919460000-0x00007FF91946F000-memory.dmp
memory/4940-1187-0x00007FF916E70000-0x00007FF916E7C000-memory.dmp
memory/4940-1186-0x00007FF918220000-0x00007FF91822B000-memory.dmp
memory/4940-1185-0x00007FF918530000-0x00007FF91853C000-memory.dmp
memory/4940-1198-0x00007FF916E60000-0x00007FF916E6D000-memory.dmp
memory/4940-1197-0x00007FF913DF0000-0x00007FF913DFC000-memory.dmp
memory/4940-1199-0x00007FF913DD0000-0x00007FF913DE6000-memory.dmp
memory/4940-1200-0x00007FF910140000-0x00007FF910154000-memory.dmp
memory/4940-1201-0x00007FF910160000-0x00007FF910172000-memory.dmp
memory/4940-1196-0x00007FF914B40000-0x00007FF914B52000-memory.dmp
memory/4940-1195-0x00007FF914B60000-0x00007FF914B6D000-memory.dmp
memory/4940-1204-0x00007FF90FAA0000-0x00007FF90FABB000-memory.dmp
memory/4940-1203-0x00007FF909680000-0x00007FF90974E000-memory.dmp
memory/4940-1202-0x00007FF910110000-0x00007FF910132000-memory.dmp
memory/4940-1194-0x00007FF914B70000-0x00007FF914B7B000-memory.dmp
memory/4940-1193-0x00007FF914B80000-0x00007FF914B8C000-memory.dmp
memory/4940-1192-0x00007FF914B90000-0x00007FF914B9B000-memory.dmp
memory/4940-1191-0x00007FF915450000-0x00007FF91545B000-memory.dmp
memory/4940-1190-0x00007FF915460000-0x00007FF91546C000-memory.dmp
memory/4940-1189-0x00007FF915C60000-0x00007FF915C6E000-memory.dmp
memory/4940-1188-0x00007FF9087F0000-0x00007FF908D23000-memory.dmp
memory/4940-1184-0x00007FF918B80000-0x00007FF918B94000-memory.dmp
memory/4940-1206-0x00007FF90FA80000-0x00007FF90FA98000-memory.dmp
memory/4940-1205-0x00007FF919460000-0x00007FF91946F000-memory.dmp
memory/4940-1207-0x00007FF9085A0000-0x00007FF9085ED000-memory.dmp
memory/4940-1208-0x00007FF90FA60000-0x00007FF90FA71000-memory.dmp
memory/4940-1209-0x00007FF90A7C0000-0x00007FF90A7F2000-memory.dmp
memory/4940-1210-0x00007FF908580000-0x00007FF90859E000-memory.dmp
memory/4940-1222-0x00007FF909680000-0x00007FF90974E000-memory.dmp
memory/4940-1227-0x00007FF919460000-0x00007FF91946F000-memory.dmp
memory/4940-1250-0x00007FF90FAA0000-0x00007FF90FABB000-memory.dmp
memory/4940-1249-0x00007FF916E60000-0x00007FF916E6D000-memory.dmp
memory/4940-1248-0x00007FF90A7C0000-0x00007FF90A7F2000-memory.dmp
memory/4940-1247-0x00007FF90FA60000-0x00007FF90FA71000-memory.dmp
memory/4940-1246-0x00007FF9085A0000-0x00007FF9085ED000-memory.dmp
memory/4940-1245-0x00007FF90FA80000-0x00007FF90FA98000-memory.dmp
memory/4940-1244-0x00007FF913DF0000-0x00007FF913DFC000-memory.dmp
memory/4940-1243-0x00007FF914B40000-0x00007FF914B52000-memory.dmp
memory/4940-1242-0x00007FF914B60000-0x00007FF914B6D000-memory.dmp
memory/4940-1241-0x00007FF914B70000-0x00007FF914B7B000-memory.dmp
memory/4940-1240-0x00007FF914B80000-0x00007FF914B8C000-memory.dmp
memory/4940-1239-0x00007FF914B90000-0x00007FF914B9B000-memory.dmp
memory/4940-1238-0x00007FF915450000-0x00007FF91545B000-memory.dmp
memory/4940-1237-0x00007FF915460000-0x00007FF91546C000-memory.dmp
memory/4940-1236-0x00007FF915C60000-0x00007FF915C6E000-memory.dmp
memory/4940-1234-0x00007FF916E70000-0x00007FF916E7C000-memory.dmp
memory/4940-1233-0x00007FF918220000-0x00007FF91822B000-memory.dmp
memory/4940-1232-0x00007FF918530000-0x00007FF91853C000-memory.dmp
memory/4940-1231-0x00007FF918540000-0x00007FF91854B000-memory.dmp
memory/4940-1230-0x00007FF9186D0000-0x00007FF9186DC000-memory.dmp
memory/4940-1229-0x00007FF9186E0000-0x00007FF9186EB000-memory.dmp
memory/4940-1228-0x00007FF918920000-0x00007FF91892B000-memory.dmp
memory/4940-1226-0x00007FF9095C0000-0x00007FF909673000-memory.dmp
memory/4940-1225-0x00007FF917DD0000-0x00007FF917DF8000-memory.dmp
memory/4940-1224-0x00007FF91AC80000-0x00007FF91AC8B000-memory.dmp
memory/4940-1223-0x00007FF91C3E0000-0x00007FF91C3ED000-memory.dmp
memory/4940-1221-0x00007FF917E00000-0x00007FF917E33000-memory.dmp
memory/4940-1220-0x00007FF918B40000-0x00007FF918B58000-memory.dmp
memory/4940-1219-0x00007FF91C5C0000-0x00007FF91C5CD000-memory.dmp
memory/4940-1218-0x00007FF918B60000-0x00007FF918B79000-memory.dmp
memory/4940-1217-0x00007FF9087F0000-0x00007FF908D23000-memory.dmp
memory/4940-1216-0x00007FF918B80000-0x00007FF918B94000-memory.dmp
memory/4940-1215-0x00007FF918BA0000-0x00007FF918BCB000-memory.dmp
memory/4940-1214-0x00007FF918BD0000-0x00007FF918BE9000-memory.dmp
memory/4940-1213-0x00007FF91C5D0000-0x00007FF91C5DF000-memory.dmp
memory/4940-1212-0x00007FF91C5E0000-0x00007FF91C607000-memory.dmp
memory/4940-1211-0x00007FF908D30000-0x00007FF909395000-memory.dmp
memory/4940-1252-0x00007FF910140000-0x00007FF910154000-memory.dmp
memory/4940-1251-0x00007FF910160000-0x00007FF910172000-memory.dmp
memory/4940-1255-0x00007FF908580000-0x00007FF90859E000-memory.dmp
memory/4940-1254-0x00007FF910110000-0x00007FF910132000-memory.dmp
memory/4940-1253-0x00007FF913DD0000-0x00007FF913DE6000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\820de187-2ed5-42ad-8a5d-c0932f1938ef
| MD5 | 9c4e5324eef3e9477ac375a9f521f940 |
| SHA1 | f278280550ac8b466b61e7387f7f331381fd809d |
| SHA256 | d3f8c7c5b9a7f2fe9f374b0fffd126df4741e09874644a4881b71321ca85c8ef |
| SHA512 | f25bec985cfc0692020a62e9e715e5dc6df19af3e89abea00e09fb950f3bd07adf48cf56946094ada7fffc1df63974e42798f7eec8e4a3eb32d6146993e76227 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\4e08ddcd-a9a2-4045-a745-23c9d2d84153
| MD5 | 5923947e16426cee97ef09e61d3f4461 |
| SHA1 | 06b055c4a826b47a801ff421bd7b3555b2cdb3d5 |
| SHA256 | 868ba285a2f6389fd95617300bbb8cb3d3ea4fbba348a48ea759bcd6001fac21 |
| SHA512 | ba51ed86f349d569a8c9ec0e739ab976bcedf0f6713aa862ac7bc5842966428fc5280465d1714d3b03a94333e80c6dc853861e380f856990452580fbd0e181da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\06279f00-71fa-4299-969a-811e841f4b4a
| MD5 | ecc7b1b8f236c10b416307bb18c614a8 |
| SHA1 | 8377edb6d82ae2d58c46ecda7882be0f84a1d680 |
| SHA256 | 803cbbbc3b30da602a7036760526a96e91ef5a43cbb824690766c7503f6b5868 |
| SHA512 | 2b93dc5ba3b1513340c7dc56207a7ec97e273c1829f834db55d60590bca8c467eb89b1aabb801f5494ec689d0c465c59d1cc499d4b18b158e73aef7205a30901 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | bae9484f406bd1e49c3f3d855db0aca2 |
| SHA1 | 616310859b4037ab06b7f2ce5e70814303e6cd29 |
| SHA256 | 2d967555d287911d7af1ab1d227c8e65d5e32fe5af43e7aa8aaefb7e1f0d2229 |
| SHA512 | 2d66ea9d173d18c2be10c740c419551d3f10ec228a96a81ad1613f5f8f4cef99cc91e0096b6f131fa8ee189c70e5cb2433c53ef38db9f510ba9bc7463ec17fbe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json
| MD5 | c4ac13dcc54e33527505efa19b7d0dc7 |
| SHA1 | c142d7337b0359f0ab6f759d2faa1d8af16fc495 |
| SHA256 | 6ea72181f53fa8b6bd898db1ce4b012d85cbbd3ce3e3e08e2c10bd805066586f |
| SHA512 | e08b9d3a30ca88b249399c5e44a0fb1426e179b337297b6aa2a947378b8d94a8d4de6bd082d6b4673ac66d9f47b8e60b44a51d6dec1c8f0d36b2029933d498dd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 5a91a4b22dab2a5970118723cf8b815a |
| SHA1 | ddb0e836de5f456216ce71654ad35a40fd8df86c |
| SHA256 | 00c1c1a2c16da4731c00f3b8065ef6681ff1a394d5fdb71c96edfc75c001d8bd |
| SHA512 | a94f9d4c219ddbbf6fb018a2352b815cf4aa5b4971794d7b6d9e43f2c5421267fafddb8014af366819fbe308792342ea0f5aca72a935e53bbe54682022d2ce14 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | 96c542dec016d9ec1ecc4dddfcbaac66 |
| SHA1 | 6199f7648bb744efa58acf7b96fee85d938389e4 |
| SHA256 | 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798 |
| SHA512 | cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin
| MD5 | d850dd210410aa64e95650f3132d2ed7 |
| SHA1 | 885ea14d710a90b3207472c3578751deee8fc658 |
| SHA256 | aa9a0660227517034188142ccbd304ac6b471d967f1b9b403428ec8ef80ad36e |
| SHA512 | 1ffc9f677153f5583c4ea1cd2cafe2253f07c0fbd722dd70d71d278a1abe53a6b505680d79cfbf13e049a80e8e7330e295086685459ed3ea8fb8efa9f7f2098f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js
| MD5 | 1d38ca60ab842453396a6d6e788fedc2 |
| SHA1 | bc1b7a2af595da6af298fcd7cda6697ae971ca19 |
| SHA256 | 53ec471c712290fdf6bd8f2c4a9b063393de49524fa4b6ad4d85b916ddd6a4e2 |
| SHA512 | 4c051b63e275771cf8dc63e9b851198c1da7f7ab33179222c8c1d22c26d6af223573aeff70b63d4a6752da07cc4fdd06380824d774be14cc772385343041224c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js
| MD5 | f30db49dab1a371249c2a318a3e7054f |
| SHA1 | 9842cbfd2d578299e02ed576839fc1e260fef13b |
| SHA256 | 8b315dcaeba5e13c78a85cdf639e9abcfef22384d1f025b346ba909b0a19a3c4 |
| SHA512 | 074869d6625945c1560cf16dd933e45fe5a3ca9c0fea7e181ed8988c3b93600256548d16172b997e5e2e3f13a65c967ad4c69db82c4c942080595d1c52a2100a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 1726eabccbb40bb062002ab7d3dd21bc |
| SHA1 | 33474adfa14a18ab71c61e0c458720aac1f9504b |
| SHA256 | 78f0fccee34083643e00ea5d44acfcf922e356bd6446330109eca684d523ad22 |
| SHA512 | abd16cfa4a48e72e4b05c3650b23a4c3f51344c283d43a7add4761eff2e76d4b1bb62c9a2a9d6afdc39456711cf222a777578016da843141f8e5815f1296329a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\thumbnails\d4ce2efabe4f7cbaa038cceddaa8ab13.png
| MD5 | 412aa6fdb5053cf7b549df31407138c9 |
| SHA1 | 4b61304a1e8ee7d3bf3f2c4c3bbfda507690e2a8 |
| SHA256 | a22ac05bbcfc9ed4d0a2daae9d26d862f6f1479733ad5ced0dde2841ed9ebecf |
| SHA512 | f72506639c53262ddd62ee93478fd24ec918fb3c171713536ba11b26281a59820a2854a21ff8fbabb3416178f3b8ebcac7894030077be8c624eae301e44cab4b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js
| MD5 | fb301fd5fabaa16c1e5dd9add7096bd3 |
| SHA1 | ea89a6a39f623d1ab0c0dec95475daa1b381f7e1 |
| SHA256 | 75135910931069651ee1b62140e7240fdce3bd565bd202bcf242e3be35976e70 |
| SHA512 | 6762fedcf02cff7d96f5a2beb2553aa7213c508494ccf9592e4840a7d31e82f9b86e5e707304ced231e687146379281adddeae1ce27c6356d4e7b0fefdc03dcf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 55550aff209e41636e600b24d05fac7b |
| SHA1 | 719cbd7c7aa5f20ba5b2b974cb3817cbee94132a |
| SHA256 | 4e2104b92809c86f712ef645070ba7a64cb64a6e8fe231fbfa608ad9255e8155 |
| SHA512 | 6057a090ebe481a0ae862478c99552e966ebd0e9bb3bf0d837937cdb025edf5930d31896ac1bfd61c82ed3dfb75c45bb7ad6f56aafbb203b316a278e2761bc6f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin
| MD5 | 95090eb0ab0ecfee14a5f428a9d7591e |
| SHA1 | 55a9db4ff47d58eef1399705cd458315e96c9020 |
| SHA256 | 3bed9b07cb70bb9a04f59372d00a3d47dd68ec76f6c2ca841672a31b137ce8b1 |
| SHA512 | e03f98b07aa2115ac15c7fda2343e7b9108839ccb7f68da66ef27bac0f8cd34f7614b6ef87614db8fb12375bc9a6d10a02fd905c72d78ec96ef195fe46b8422d |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bfdc00578ad33bd7b6f63fe168c10578 |
| SHA1 | d235fdd18c26adc853baad9055902671b3123170 |
| SHA256 | 21b9d483da7314ad45193aca42edbecccc8b369f62932a6a4516c9f580843f7c |
| SHA512 | 2c641cad63aa4317adbb1904e139f63dcb321bf7bbe6094bb931b679db9de6b1f17c7f5d6b347d3119f7391ac07d73c756ee8b9f789597f470486062fe011cb2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\B36669B4415E2B18B648BF32E6AEE76866997B9E
| MD5 | 4b8399b48248ebfe855785de7dfac168 |
| SHA1 | a3b15bd556e6ce09b447f0316940803d94704a33 |
| SHA256 | e52ef91996cafe3c0f779b41ed9b27bfa9e5bee036182f817bc9e4e9042bde1b |
| SHA512 | 5cdb596749c127b1dae537bff66b974e413a07d8ff3ff82c0dc5f8a0ad8000559ea9193bd9cc3e2a40f1404bbfd72e1bed9291f23d4fec036a375f0d2df9f922 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 08835b1b3f568d36f23fe88d70766370 |
| SHA1 | 9dc054714eee5f9f9153b05b34755aca3107c65d |
| SHA256 | 2909ea5de7013a6f3f6de12223ba8241aabb5fd1b93af29abc923028412a3708 |
| SHA512 | 9d6e47014c7093ac3a9970bee40a257558d0cf107cbea7d4dfaec995385ed814a8ef57891b7262d0fa5986031ef05b233d91dd0a12eae47130c566aa37e5a1e2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 63ff766e12d898011e49406c5533febe |
| SHA1 | a3ed4d0201f89195d43023e095fe441de2aba4df |
| SHA256 | e41a92fc49237c10cebeb4796ecf4b8927e12094cd7363c932b400fb8e785cf8 |
| SHA512 | c95baf989c76cdd20d944d584c4d41e469bb0f64f2a30b1e4ed971b29397576a3a7c834500f1f0958c58d42db8c85a31930ecf88f5cca8eb872fa871a63cad35 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 02d01b06f3886d20e32da9daf021e1a0 |
| SHA1 | 985ba25d90be2d0d59c2b39b1a8ef36259c6a720 |
| SHA256 | 2d34223986980d9787bd8e28a8a38581f914f6d0d504e3c0eab8af691933176b |
| SHA512 | 353351326dd354c7a740de571d251974a19417016309c50222d7987f765e902061ddcdbb0e23c54ce977477b31c70bfa28ced8edb17d516fee8e155323d62add |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
| MD5 | afb2f8c41189d48db4331b0b8057e8cc |
| SHA1 | 458765701ab02549ec5a5d9a408174951818f921 |
| SHA256 | c3a5aefac9f6f05a1e00a8418627ac889fdb84f65f9a9c722352d90b742fcd03 |
| SHA512 | 33b26c0f650ad64b8f486f7f1c2b65c3705c46e5e633283402140487fcc8d8b3e576d975b42c899f56ce348926ffada965caea0fba1d5e0c715f5d179e5cfe90 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e9fd14d4ae4261620ae917fe17e036d2 |
| SHA1 | e05110e9580883e1bafd1bd55c97584ec94fc70c |
| SHA256 | 8683c72b8163d389e8cc4e454e2666557458292b68f9dc3bf45a568e4d56b96a |
| SHA512 | 3fab65c3ce8962a9ce4e24ff92151752cbb8152216ec3621222bbdb10a435bbcdf6d5c380f3cb0e8643e9345d636fcc6566cac867d3b2994dc35db9c3246d753 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-07 18:12
Reported
2025-01-07 18:27
Platform
win10v2004-20241007-en
Max time kernel
429s
Max time network
438s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2025-01-07 18:12
Reported
2025-01-07 18:27
Platform
win10v2004-20241007-en
Max time kernel
422s
Max time network
423s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2025-01-07 18:12
Reported
2025-01-07 18:27
Platform
win10v2004-20241007-en
Max time kernel
430s
Max time network
431s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\misc.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2025-01-07 18:12
Reported
2025-01-07 18:27
Platform
win10v2004-20241007-en
Max time kernel
433s
Max time network
433s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2025-01-07 18:12
Reported
2025-01-07 18:27
Platform
win10v2004-20241007-en
Max time kernel
429s
Max time network
431s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\protections.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2025-01-07 18:12
Reported
2025-01-07 18:27
Platform
win10v2004-20241007-en
Max time kernel
421s
Max time network
423s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |