4460dd8114b5609ea4e9644a659de0f5b188696d27dc8846d633628b3ade7c31

Analysis

max time kernel
150s
max time network
153s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
13/01/2023, 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Set-up.exe
Size

7.3MB
MD5

41f159509017d234e08eb4f820bab935
SHA1

1c27a70f922a95f66f58d8e4b7e91d92c84da6e3
SHA256

4460dd8114b5609ea4e9644a659de0f5b188696d27dc8846d633628b3ade7c31
SHA512

0fdbad1473708fbf1116638195881026caab40a5b64ab31ca25a027af81189bf94af403d5b1c35c5561970adaeef648b8ed5ef8c3ba63b163e931787e82636ab
SSDEEP

98304:wz16s9EwkidrwQwPdz9u/ZZmDZJErFXQbZT7wIX025:wz16gBrd3gu/XmDZiF0t5

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1864	firefox.exe
Token: SeDebugPrivilege	1864	firefox.exe
Token: SeDebugPrivilege	1840	firefox.exe
Token: SeDebugPrivilege	1840	firefox.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
1864	firefox.exe
1864	firefox.exe
1864	firefox.exe
1864	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
1864	firefox.exe
1864	firefox.exe
1864	firefox.exe
1840	firefox.exe
1840	firefox.exe
1840	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1864	firefox.exe
1840	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 1864	4632	firefox.exe	68
PID 4632 wrote to memory of 1864	4632	firefox.exe	68
PID 4632 wrote to memory of 1864	4632	firefox.exe	68
PID 4632 wrote to memory of 1864	4632	firefox.exe	68
PID 4632 wrote to memory of 1864	4632	firefox.exe	68
PID 4632 wrote to memory of 1864	4632	firefox.exe	68
PID 4632 wrote to memory of 1864	4632	firefox.exe	68
PID 4632 wrote to memory of 1864	4632	firefox.exe	68
PID 4632 wrote to memory of 1864	4632	firefox.exe	68
PID 1864 wrote to memory of 404	1864	firefox.exe	70
PID 1864 wrote to memory of 404	1864	firefox.exe	70
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4280	1864	firefox.exe	72
PID 1864 wrote to memory of 4324	1864	firefox.exe	73
PID 1864 wrote to memory of 4324	1864	firefox.exe	73
PID 1864 wrote to memory of 4324	1864	firefox.exe	73
PID 1864 wrote to memory of 4324	1864	firefox.exe	73
PID 1864 wrote to memory of 4324	1864	firefox.exe	73
PID 1864 wrote to memory of 4324	1864	firefox.exe	73
PID 1864 wrote to memory of 4324	1864	firefox.exe	73
PID 1864 wrote to memory of 4324	1864	firefox.exe	73
PID 1864 wrote to memory of 4324	1864	firefox.exe	73
PID 1864 wrote to memory of 4324	1864	firefox.exe	73

C:\Users\Admin\AppData\Local\Temp\Set-up.exe
"C:\Users\Admin\AppData\Local\Temp\Set-up.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies system certificate store
PID:3512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.0.1596653536\1575093813" -parentBuildID 20200403170909 -prefsHandle 1544 -prefMapHandle 1536 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 1600 gpu
    3⤵
    PID:404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.3.1584609865\841924771" -childID 1 -isForBrowser -prefsHandle 2252 -prefMapHandle 2256 -prefsLen 156 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 2168 tab
    3⤵
    PID:4280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.13.145574493\48692153" -childID 2 -isForBrowser -prefsHandle 3400 -prefMapHandle 3396 -prefsLen 6938 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 3412 tab
    3⤵
    PID:4324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1416
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.0.25764872\825358176" -parentBuildID 20200403170909 -prefsHandle 1532 -prefMapHandle 1524 -prefsLen 1 -prefMapSize 220228 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 1640 gpu
    3⤵
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.3.170762514\354152993" -childID 1 -isForBrowser -prefsHandle 2204 -prefMapHandle 2200 -prefsLen 71 -prefMapSize 220228 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 2216 tab
    3⤵
    PID:2192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.13.1208120575\1530932326" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3440 -prefsLen 6227 -prefMapSize 220228 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 3452 tab
    3⤵
    PID:5024

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\174F9457196A88EAF013C4D70444D45AEB859D80

Filesize
1KB

MD5
9eac98bb11944d3da2ce25767901e271

SHA1
d72d586eede6441a2c481cb2d438395c693396cc

SHA256
b933f89dc2366f91939653aeea5bcde19564a68c44cfee1d1f9e2aeb06857606

SHA512
96085f1f1bef39aaecc706a1ca068167b491d22a312a90196046bb58503d6fbae611f68575d122d6eb66f76da2e93b4e9ae0d7987a15152ccf02f1d57a510809

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\3E8DAED6B1701921F58544F5A60350EA114A215D

Filesize
13KB

MD5
0a5b6ac74c3bc65a3f6a70765df3fbe3

SHA1
dd367f255f928d42449d20928200e5a29625c492

SHA256
04a6104ff84343040dc10799c95854e6aa4c94499e29b64fad839072bf77ed70

SHA512
4f11296a97b01aef36149041826fbf81ccae5abe332a6372b580780b0b0ae4c71713ec905937a0b804d8538d884dd2857f2f68e826dfe3f78d1bc9a83461f9dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\4903E7ABE348ED39D98D1C844FB81A906D5ECA16

Filesize
9KB

MD5
dda0832b50087772099bab5f5bfee6c7

SHA1
f46172a31aa4deebfe8eed214cc38e81bfe747ed

SHA256
d2ac4c76751d5003828dbc1cb4a730553b9e7ebe0b8149807a88932be76ff5f5

SHA512
90ef240e9d1b2f63333481a69608272031af26a097b0d31d3e34eb35fb5082f69b9779ef1c605f06569fd232bfe56cb3568d43726d8b3f17ad537bafb99660ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\6D4934FE31BFAF4563C9C133D9CEB4B986FB5CA0

Filesize
15KB

MD5
b076faffe8c164dbde002685e600d63a

SHA1
60cf6a220e7b52773ede98d9d54ff09f58c44915

SHA256
4a787cbe5417332525a81a84010928f4ff477f74eea22d0afb736a37cd9597aa

SHA512
1ae70668a28f86566078e0f62dd0eac5563c6420c23b61d200d246659a047614a72e7ffa1a9efbdc9a0c67cacd40c9dd6ec591b9569a7ac89beb9584df9678bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\82D881DB333099178613E9DAD2B696B45B7B2F7B

Filesize
1KB

MD5
52f690772d221ee557fd36e8d38424e8

SHA1
8a3aa02410dfa088faa0613e328c59609754e6f2

SHA256
2f8c74716a246b02b1bc3834f01687940256afe59d154e144f71882c6a8d314a

SHA512
98280720f055288036f722cf23dbdb09611ee02ea53680828382ede5a0cc4dd283b639388f6f9ba66fc718d87b7d97254319818c10c16c2fb78df4b6261c53db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\8BCBCE18A396CB10CBCC7A15A3EC57ED8E7F79B1

Filesize
1KB

MD5
40461daeed822df6662e3e2f77db6c56

SHA1
38af78f804869508ddcdcf7f798d32cc2b6daf98

SHA256
05001f8104b7b5f27da3ab8f13be08b0244a05e13c2b86938e507dcf45044189

SHA512
6e5c2c5f6fd5c965cd0da68c7b76c49ec8837e3f4df08ecd19bfe59d37191d1eb7787234d39af3feeae4e9214909827ff2ea3b348338d8834d009dfc750656fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\AD00CBFB5C21DA6B115C57B59E6FB988EEF87DF4

Filesize
1KB

MD5
bf6eb0c8b9055c0c2878e3590a3e78c0

SHA1
83549fae1c91d8187edc64bcc324cfdb3bcd884c

SHA256
748bfe221cf85a1943d72c0b7086f9b73ea9841f8489c3dee35835328e716694

SHA512
5d826cd0a581a45eea2361d1faa442ea3ed077f633157e7b30f629712eb16bea5c71c56736a86d439d2a3e6f266866d3d46f9cda5778a93faa79ba125893b684

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\BED8997268544C4202FB6C0E8FE619E4D43EF60E

Filesize
9KB

MD5
a0f3fe8316e70cb1def3aec84cb0acc2

SHA1
7829164a3b35c94942f10fbc91df7789523fb347

SHA256
b9ac43716589969f133aad44420be3e7b770177b916d030b928066139060a810

SHA512
e498e2a943b7b1bfd464680fb558857c74911420452cc75cf3be556d87d5fb37571b833f04108bb6c88ca6b9c535e90e2d80d2dde46d565e12006b94874e07be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\D7475D2C8F0350AF120C197874770ABFCA0F1E10

Filesize
1KB

MD5
6d46c4ec9232fb714e38409c478ab303

SHA1
2b56a4f55440403cda89541dad1803712918979f

SHA256
4e6bf3dfddbe1919410b835977ef090cf8ff5dec073e9cdf59de89d98ebdbe6d

SHA512
f25f7b30305157661dfcb07f052e5714ea99533999916f380b9fdd6e06699c51791521b2ebb792f01d57f1543ab2aaac97089af5b77191440ba83256ce695682

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\ED07F042F4253F704BFC7070ADB92A3EDC4588A0

Filesize
8KB

MD5
2ab3f1de294eef5278c006b2c0019347

SHA1
b3ce516ff8238245e31269546829db05efa56b1a

SHA256
72f72760b04ffb6e9d8176ac2069c589d91dbeb8f5e4116db083ce5d610e988f

SHA512
b0de82670c6495b3fb4d7ac90d4b9faf32c483f0688cacdf5124fed54e6a6dddd4fc10abde5f2946b8777aadd7e87e800507fef9adc4fe3c330c4c770a01b36c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\FBE12DF59A09440615ADD747C2CDDF1DC885F7B8

Filesize
8KB

MD5
6398d84769b5ed356d3c5d83153ade88

SHA1
b0ae52d8b540d0abec472725c8579391a680a156

SHA256
c46701b6dc8020e05fa5f02aedb1aef694313fd04945d14ae05673fba6a466d2

SHA512
4a71429415fac62cae4d7f1c136213e0dfeb0531d8e7860accfb836489a1632d93623d12b3fb5cb10ed621cfb0d464223c26ad052acebf5fef54512bfcf34863

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\startupCache\scriptCache-child.bin

Filesize
710KB

MD5
697e5dd4205a9c8230745960ba0210bf

SHA1
96cd1f59ae30d77b507f96999a4a1ca8503d0aea

SHA256
a9d07c845a75cb7790b6ec3ac78cee1c2048f17887cfd339ed1bebab8bc319c1

SHA512
b160142fb317a0fa55b58934c8c11a9deeb7255582ffd1a440fa3bcf8eee8d8fb82e677123b4fdaf54be41ea01ffdcf7d605b7b8bbfbeb1110b1e66e4193192b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\startupCache\scriptCache.bin

Filesize
6.7MB

MD5
2aae05bf198a488a0642e270c61f01bc

SHA1
60bcab0a428636cdbba90994969a98ad6b42c6b7

SHA256
afc271d0bfe66e8b29cd79351520e383a593da9a12136398aadeb8f965d13483

SHA512
9f71c498371731bea4382b00c641ab7d9c33d3433f4fdf7c840142f4319efb66b555407df6cae57207f1ba1d55b544f28e5644d19ece1ee65b0e549f9f1b306d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\startupCache\startupCache.8.little

Filesize
1.5MB

MD5
2bb79e78f2cbc58cf67524d2f70d1157

SHA1
9702684a39c84a953b4841d75fd0f6458c526a1b

SHA256
a855edfa9903253f126dce38b0ec27f639f2f7c88b9587bc2a58b67d38f09446

SHA512
a530a84c561e1bc73fd9237db7151e21e9ae900c9652f69c0f2835392e33c9d9aa21e1b6c91aa1e7ae565a211a72a17174510fd5e93355bb1d1fe7c4bce8cff0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\startupCache\urlCache.bin

Filesize
1KB

MD5
53448ff0f2e62dfbf1e039024f97222a

SHA1
bc505757ccf3521f2e299333326957207e39e7c3

SHA256
4dccea4b0e53cbde64b3a793430f2b748a10c858149b1d8e8c0f5d457f22f0be

SHA512
f1aee6011a5988e7a15aa268bad96ba2e5079ab11fd2eb15335ee9ee79348206bb6b237905da231f3b40571ab9ec992d55c69cd5db5985efb1eebd8e10884eb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\SiteSecurityServiceState.txt

Filesize
513B

MD5
f6f037dd09a43290023219fa2972f419

SHA1
704a454cfdc33ad3a0644098ff0dde797f836fc1

SHA256
e7d899678019a640c4966d4b3c7ce668acac3b6d6df963dd6015a12c8ee84a54

SHA512
a48c569ea68765bec8b26674169e1ca416a0027bd986eea35647262377b790086aec1940ec68f868cde7584c1432b68233538d4842868d219139c14076d3f09f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\addonStartup.json.lz4

Filesize
1KB

MD5
bc4bd0071af0574fe57b6756f0b26071

SHA1
dfc6af6b87b58391f67679a24c28495503f9e75d

SHA256
2f0cb964330decccb1375985d126d6cd2fec171e344cdd6e21026fa9459d8ad3

SHA512
9cd3f9140a3beca18114253556281c48e0a2401d8e7bb01b518a0615caf6a1f4a8cece627c00caaf9cb3f7cf3a57a224ec5233682b5b3f8e933619b85488551d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\datareporting\archived\2023-01\1673582783573.f0bdce07-eadf-44b2-85bd-8e238fd0bcc1.main.jsonlz4

Filesize
9KB

MD5
e83ea17c568500f38394d66d429dc78f

SHA1
97020f52b8045cf14eba91a4f2c9df7aa21713b1

SHA256
1824eb3f543b9c94dca2bd19dee903acd156eac2bfc18bb1f9f0b1e5d8d07560

SHA512
8d04f20cdf3c7a4081904e90143fdda1843998f75aff8a551cf86598ce06c86329c9fb1f4466a7721f43e0bed1b50eb825df505fcebdeadb2b40bc37ccac6667

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\datareporting\session-state.json

Filesize
161B

MD5
82c67b9c4893e200ed7805b05537acf8

SHA1
7792c8a7b27b9ee399f536a80865abb99d818845

SHA256
7736d85c37bdffb634221d67941b0883251652fa1e9d3971e8be1bbef266179a

SHA512
7579391c26deaecca0d9590bd810d424219d54cf4efc4790833de36fd43feab0108793ec857e370038204feb78ae4a1ec65aa7bbe3e7e825f231d49ccbeb76aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\prefs.js

Filesize
6KB

MD5
d8ce0c4c212b070c6bc50f3b0c4d354c

SHA1
6f6d4e6e5010cc7e6d15958699548867581b15eb

SHA256
0e667a2b4c0a9e83ba720e2701c32d0aac93d13c0f58b3b857fd686849251717

SHA512
5f0db55eaaf6cbf1387aa6c7d05d8b274b477d8dbc2b9c4c45db1d1729131fab94103ae84f8cd70b47b9061d7aa5f94a290c0b55ec30fa734f8e6ac357dcbbb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\search.json.mozlz4

Filesize
2KB

MD5
4ed72cc18495ece5f9af851d1353d9f2

SHA1
8a3536ae15f1559461e7589889f18af5447f753b

SHA256
75486d887ceb7f8c57e92126d1afe298e9a1a29e68aa621618bf1bd59e1fa0a9

SHA512
50b682beb873812e8eb135bfab86c04c8155d91854d9f9e330f3228775b0db0cff09bf4470ce9bb0c976ac3f090de4a7b44bc641176c9534fce5b3c186a8dee6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\sessionstore.jsonlz4

Filesize
811B

MD5
2f32bd0d0b469fc833d5bcb08691d068

SHA1
9e2b07cd4372c9f221964b97d68f262ad01296a0

SHA256
7bedac1b0d84be908b8934610484e690988d6ae892cfcc8a05757c8eb19ca83a

SHA512
aeda58a97b69623e1e81d90dc17d53f3c54388b45c9fcda3ed2640e3639627b7c3b616d5d3a19a8eeb81ff43d2c221110fad92312bd645632450c1dacac735cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
72KB

MD5
6ac35c13b6b83a3682c7251e43b1771d

SHA1
b1e8219c0c161ccc7c4c999a41f34c9cc619c5ac

SHA256
4024ac62befcc1dae58dfe548b9102be680b9a12dcdb3f1cf87498e19f68a012

SHA512
3e127834128851d3e97857dd4bd57452d0492d2700b88778f7d8cfc3f4d1e807faeab118d7ed25fae50955821e0dc83aa88076a97a2645bbd6c9f3f8feffaf47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.2MB

MD5
3c4daebf45664d800af0fc3d9fbf0c9d

SHA1
34b83eda72b8abf7d0819999fdb6e77b60d1e4a0

SHA256
9b8ecb05776ef8c1096ead5089f8563af6d006eb501d2277e246cf5f3c1f9206

SHA512
4b94f03c6565f9e2ae8a0a53c141a7aef426cd38047fd986d563a26e87a3e30d607a38b69b26408405cf4cd94a7b8acf804a20ee71443c384512b5d646bc7ff7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\xulstore.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3512-137-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-172-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-143-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-144-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-145-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-146-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-147-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-148-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-149-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-150-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-151-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-152-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-153-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-154-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-155-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-156-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-157-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-158-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-159-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-160-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-161-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-162-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-163-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-164-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-165-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-166-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-167-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-168-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-169-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-170-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-171-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-142-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-173-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-174-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-175-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-176-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-177-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-178-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-141-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-140-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-139-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-138-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-115-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-136-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-135-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-134-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-133-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-132-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-131-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-130-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-129-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-128-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-127-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-126-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-125-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-124-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-123-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-122-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-121-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-120-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-119-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-118-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-117-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/3512-116-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads