ad54bd652d55b22a05665343a70c6203179cea1feccb2f29ecf1c0b81893bdbc

Analysis

max time kernel
500s
max time network
498s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2023, 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

milan is weird.mp3
Size

2.7MB
MD5

ea024db27affc1e0df61eb63e833c8ac
SHA1

4529e4b6573e6f511c12e2212498a981214fa7aa
SHA256

ad54bd652d55b22a05665343a70c6203179cea1feccb2f29ecf1c0b81893bdbc
SHA512

926e531c38b8cafbd4e79493a8f04d165ad94d8390a110d2e7a2106a9d5f658e6c3749f5fd922d8b3fbb1a3373e9cdcdd3658836465502bc53aa12f222c63195
SSDEEP

49152:hgsyf9Lum2Eq/x+0raZG+g/PKY1r0oVcQHtKIb9joLPpB6tB1TCtFUf:hgV9Lrgx1a8Nr0mHjjoLP2tHCwf

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2656	unregmp2.exe
Token: SeCreatePagefilePrivilege	2656	unregmp2.exe
Token: SeDebugPrivilege	852	firefox.exe
Token: SeDebugPrivilege	852	firefox.exe
Token: 33	1828	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1828	AUDIODG.EXE
Token: SeDebugPrivilege	852	firefox.exe
Token: SeDebugPrivilege	852	firefox.exe
Token: SeDebugPrivilege	852	firefox.exe
Token: SeDebugPrivilege	852	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
852	firefox.exe
852	firefox.exe
852	firefox.exe
852	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
852	firefox.exe
852	firefox.exe
852	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
852	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 4508	2232	wmplayer.exe	85
PID 2232 wrote to memory of 4508	2232	wmplayer.exe	85
PID 2232 wrote to memory of 4508	2232	wmplayer.exe	85
PID 2232 wrote to memory of 928	2232	wmplayer.exe	86
PID 2232 wrote to memory of 928	2232	wmplayer.exe	86
PID 2232 wrote to memory of 928	2232	wmplayer.exe	86
PID 928 wrote to memory of 2656	928	unregmp2.exe	87
PID 928 wrote to memory of 2656	928	unregmp2.exe	87
PID 4448 wrote to memory of 852	4448	firefox.exe	111
PID 4448 wrote to memory of 852	4448	firefox.exe	111
PID 4448 wrote to memory of 852	4448	firefox.exe	111
PID 4448 wrote to memory of 852	4448	firefox.exe	111
PID 4448 wrote to memory of 852	4448	firefox.exe	111
PID 4448 wrote to memory of 852	4448	firefox.exe	111
PID 4448 wrote to memory of 852	4448	firefox.exe	111
PID 4448 wrote to memory of 852	4448	firefox.exe	111
PID 4448 wrote to memory of 852	4448	firefox.exe	111
PID 4448 wrote to memory of 852	4448	firefox.exe	111
PID 4448 wrote to memory of 852	4448	firefox.exe	111
PID 852 wrote to memory of 1992	852	firefox.exe	112
PID 852 wrote to memory of 1992	852	firefox.exe	112
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113
PID 852 wrote to memory of 1912	852	firefox.exe	113

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\milan is weird.mp3"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\milan is weird.mp3"
  2⤵
  PID:4508
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:928
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:2656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.0.127018241\647438323" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46254a88-2e42-461d-b7a0-bf00e68146e7} 852 "\\.\pipe\gecko-crash-server-pipe.852" 1944 18791103558 gpu
    3⤵
    PID:1992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.1.723386061\525150196" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0462c9a0-34c1-4e5a-8123-1b6421e47235} 852 "\\.\pipe\gecko-crash-server-pipe.852" 2344 1878feef558 socket
    3⤵
    PID:1912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.2.947433971\346761341" -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3192 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b67f4d0-eb90-49b3-8300-4ed86dcf781b} 852 "\\.\pipe\gecko-crash-server-pipe.852" 3268 18790365c58 tab
    3⤵
    PID:1788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.3.1624425433\814820217" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3524 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6157a1e9-0b53-45d0-8e51-df74edc9e60d} 852 "\\.\pipe\gecko-crash-server-pipe.852" 3740 18794d2bd58 tab
    3⤵
    PID:2864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.4.1426761223\1461929047" -childID 3 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51948726-3f8c-4e0a-890b-f7f867710e75} 852 "\\.\pipe\gecko-crash-server-pipe.852" 4132 1879535a558 tab
    3⤵
    PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.7.818465432\1907743186" -childID 6 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac605a86-9937-4eb0-9adf-62762c1edf71} 852 "\\.\pipe\gecko-crash-server-pipe.852" 5388 187965b2958 tab
    3⤵
    PID:1248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.6.1012289017\1172759965" -childID 5 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28bebbb2-5462-4d4d-bb13-f05d6ce14179} 852 "\\.\pipe\gecko-crash-server-pipe.852" 5196 1879634e058 tab
    3⤵
    PID:1772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.5.1449706968\1851820658" -childID 4 -isForBrowser -prefsHandle 5084 -prefMapHandle 5068 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4849f1a-e136-40f5-869b-b851a5d15550} 852 "\\.\pipe\gecko-crash-server-pipe.852" 5076 18795e91558 tab
    3⤵
    PID:3904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.8.1465295173\521609056" -childID 7 -isForBrowser -prefsHandle 5992 -prefMapHandle 5988 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feefb604-952e-4ad5-aa2b-cea41d853bb1} 852 "\\.\pipe\gecko-crash-server-pipe.852" 5964 18797765c58 tab
    3⤵
    PID:4924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.9.1072518655\808720426" -parentBuildID 20221007134813 -prefsHandle 2956 -prefMapHandle 3120 -prefsLen 26752 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8f3997e-9bde-4b6b-82d6-62e974497bc1} 852 "\\.\pipe\gecko-crash-server-pipe.852" 2988 18798111c58 rdd
    3⤵
    PID:1712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.10.688395157\561614589" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4448 -prefMapHandle 4644 -prefsLen 30278 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a9e770-341a-4514-b144-00d682271fcc} 852 "\\.\pipe\gecko-crash-server-pipe.852" 3312 187978cee58 utility
    3⤵
    PID:1076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x420 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
41e020ee798eceb4ac90cba2142a7a1b

SHA1
714ffdf4ddc441ae72c3fb2e4548a8219ad06fb8

SHA256
60968b6f285adc7f7347c43815c17a27a383807366f91212b81b17cac20131a8

SHA512
29d22703589df058c7f3509ce58f8e2f8fdf1fc2077e0622a796e4f9c17e563994e3cce83d74b5d58d79ae5b335a1e114c86ca7fe149bab10c3656c0acb0ae76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
146KB

MD5
5f2492e3d4a9c4729b076bbb4c5cab79

SHA1
a5ffd983280a11871a6332dac93a0adfb8c5b331

SHA256
fa37d7caf29988cb58929ab5deaedc57662d319d259a8d78f5ca914b3a40f0ed

SHA512
9e8687746cc701e05041aadffe2f619744f68870c29253ae2a85ef533dcec89ca26e3d8f29f16e219e238016f070a884652864252104d6920408450287d2f55c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\14106

Filesize
25KB

MD5
0a88f9ae7bdff1077231e6705aeb90a1

SHA1
b5ece60df9455edda0c205f739e90ec7b9c03347

SHA256
477999a40c6cfbc942842311826258b4001600e423f4b770951c7fb760366e52

SHA512
cf96604ecf1c23b553934a2181a33bec32b915833b77b8498a68b493048c9e33d57644f6028c7b85585d145817665d97a419cae2e21de835b6238ba75d86c424

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\4753

Filesize
9KB

MD5
8470ad78855768ed1cdc8316c84e242b

SHA1
d25b34e5dc22fe9971aa79145d5f443adce4826a

SHA256
dfc41505d0aa7e3f35bfad99fc073977a366a1d9f5b329dcc42923321ae5848b

SHA512
d5d02ffdf243528eee82d93e5e08e81b2a0b91329b310a2deab24fd14be1117d7af051f048c602be5b189b3e4d313df997797b7182b4dc3f109ac022183b0b0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\0F0591ED0C184F750D1E1A5BF421AD2342C6366D

Filesize
706KB

MD5
efb637eee86a4ce82265c28958ae88ae

SHA1
74cb5c1bf0e3d052aa532a5315c7f24e0594b306

SHA256
67e52c2a6d0477a5886212488828e84b1d2655c3d020f1492889c696c182e86b

SHA512
8c851454d5eea9fa855b51af039b436612bd1aa0d6f714ba35152e6d7a6448b4577fae81418d8bda3dc6793d12a8ff8f98ded7fafb679c94bbd864572cae5f14

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\2059EFC9E00B83379A5D556A78C245C6C260068C

Filesize
158KB

MD5
b542cd6ed10b6e71148488bf1652dd6c

SHA1
b86aa60a31ac02a378c29e5ac97a3f9caf574075

SHA256
ab8f29ed23c479f0f114d17c1a4792fbb309e5a5768fac8c64575b789161b674

SHA512
eb56fdb10ef122157017e37153999a87f01db2d9a20686b13f9da7ac32837c668d677f7a4ea21f5b0a93c5239f9110ec2fc30e493fe1c347f36375db94adc083

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\2911046797E88BA1BE421594683E54D64DFE8FBE

Filesize
134KB

MD5
708c3c3514dec582c6345f05b74caaea

SHA1
3042cbc98c3ad9b85e5b432a79bbaf27cafcc08f

SHA256
8966a7e1e933440d836fb33e8f0883bc56433894c186bc9496f6e27b4c98842e

SHA512
ac5fd1769c556d298ffcd77edc2230c2cb4bca0d6316aa645f1a059c034228d9a06c3405a8e167764cf46cc778ce3978eef2374870b309c6555dd38f1970efe5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\40E60C2993C1F4910F954537BAD841588B3156F6

Filesize
15KB

MD5
f8a444780aa3faacb8617fde6ecf245f

SHA1
468dc4050d15602768d868a2938fcede82eb33d4

SHA256
93c22b6f430254e82095c5be977116e297537a57eeee7549a166dd6a4626fc77

SHA512
d6bb1e092f9b2f7ad0d6324419dde31c8a578b39f473a13fbf115926f21aaefa49dd10f4ef9418cbf6d6c794d0a2f5e74c60b42c79f910c7d25c21261cb36b88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\431DF0269B5792F112CBE249BC1045092DFEEACD

Filesize
35KB

MD5
e40c83252e76bd95a0e8634d0308b72f

SHA1
e5fc0e1234e74c7440773be8461da50c19c0b5cd

SHA256
11b440a363b32d93119868ed36165a5d71fc2f2abbeed4b5a2ec7bdc375213e0

SHA512
611ef6212efb54505bcd46bf5ea9c706a4f8338f078b6e978c720b008a606dd3521fdbea94d423513e95414ea1f132c6993cc9e5cec366c623b19cd7af8ecbd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\4934C8DCBDC76EDA80AA6EC3E261990D85EF362A

Filesize
5.3MB

MD5
b30559c99a7c18fdc2fa2603d61bcc9d

SHA1
5c37baeebc2aaf00c962a529ca8848d8b9675d31

SHA256
e0a355d58e2992e09e8de661cd124a1bf4849bdd4e02ddec2db3a1be2b6d3cb7

SHA512
7878d8212f97d01c5a8d3201572d7954821951cec6ce5b7dcbe74ba97d51e7675e5e8de0f9b040a66f8315334cfa0cd6f739f64a75a584ffd6df4af05d9919f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\7B96B46D530F95A150E7CA2F74727A66CDA6B6E0

Filesize
86KB

MD5
9c8a7ebb3b094bc851e1be4f697f3807

SHA1
15e76d7e97b4fbffb4f01c600e471d7aa446750d

SHA256
ac95766ad7b9d72229884080517e410c821f78a1c638daa33fb657c191b73540

SHA512
22edad2130eeefba843ea2332969624ad0526eae43bfd73f91cd0c7ea14613266c2be67e624dda4b3d278ba068cc632819e1982d83f7068f18b5e629121f295f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\9D544D00B759017C95FDBC7072AA9F4A883E8A52

Filesize
24KB

MD5
c89c9155d7bd12257ba9b6be9d604dc9

SHA1
1a9cdf16ec9729a6a51cb0004c4e52937d039bf5

SHA256
609d62bb9bf0c4ba72e698dbc48b641e7e84adae0d76fd1d2db234d3bd94419e

SHA512
4841c2a96a67f616e6985dc196d44c65593301c8b6f817f7d8667c4fd0e4291bf2576aabcc86f04a8b01c8b2149feade9ec0c86015167379b875eb3fca3bc73a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\B3DF6F23D6506E44A5627A4268DB06AD2A3D03D0

Filesize
50KB

MD5
8e2f73242db14d90ff43832c766b789d

SHA1
6d5d0a3b012a5c8b2fef0869ade16388dc8dad6f

SHA256
b4487237d577fa3532ccc77a56d49bf18dcb59c5d365a2bd8d0fa3ef47230835

SHA512
b8ed9a37210305596f3a182de89820210717a199beb7286cd8e2a8118d3233cb7f03eb307b4e71fe4197eb3ee228886790ae56b68097d2e1dee98ee36aed9d99

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\B5FB6597855389D81C56246A9E23043F86F0FD7D

Filesize
304KB

MD5
8b8222ce6dea577e6f6c55b9c7bbf41c

SHA1
9e266520540f538511ac35032c508eed6e1c19ca

SHA256
75a8dd2e0580c0063b9be954a515e0c889f400fbc2fd08bbd5b5cb27b9709fc4

SHA512
75d2bc433b9875fbc81d22022d24652de1a227d928f12f17484116fe9d8504ebb19da52850f34e4260188d1349e54516eaecaf394ff972c7630781076a713c74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\BD3535C04DC204B3F2158E362F2839FB60D3AA23

Filesize
439KB

MD5
78ebd8b1f2d676b598e81f8a965981d1

SHA1
07face38db595c2a612ccb6f43d7b64d4994d986

SHA256
9e7f3e4e7e748424b95526f0b4e3986cee3cba92bd792e9a6272f77600aa363c

SHA512
b35d12dded1b0d2a2238c9f63efac199606193f71f5c4c97fee2bf9b6bdb28ff85e2b4914190b538285cb1e63eb2718d5152631f97e939047a1d2fa04a41c79b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\ED9826654AE8BD972BDE17A9E0A449D3F881E430

Filesize
14KB

MD5
8fd0a21202e9269f6e494a915df3ac27

SHA1
88dc8d398cf5dc470c09cf30b0e555451bc881ff

SHA256
8a7728e1ffd8683cd50369ff778643a81df75256d2c7507098839ff982e4d446

SHA512
d2689f58769374d43304f240a61d501a5128333c779142b53257064bf0ae5eae2b1db41a17a41cdb6f36d748b1d43f4391cb74f0118097d50d818ee4f574014c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
003425520a698fb3dced73f35a7c3cf5

SHA1
09b6f1e223e0f9b24ae88b42894da9062613c8c6

SHA256
b7ad985c5e2c5a1064df654c5066b78b2d6d8f56c6ee34825f3a501428c3475f

SHA512
bbf1632b815955e56c49826a35dfee05bae87712bfa3026043e442a985a1a405c0866b1e4d0c50ba40973dfe01f0eaa1239c3a748f78d853c1b2cab08a0333f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
de4dc55dc9f3b2bbf1ff99706155e6f0

SHA1
d417b7a2a8db583204983fa1f87ce482d0b809e3

SHA256
17b7217f30df072234c8b0acaadebb9da120cf00922089c120915fa4f6784633

SHA512
656ef8e6a90bba8279aa832120d87d8bcf311533e937ea52a87de69e20963fc93eaf353ca5dba1927bb954d08479991c8477f2322d83dbc46b93b9bde1a91e2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs-1.js

Filesize
6KB

MD5
a02ae165d2a89efb48d19dfa2c6ce125

SHA1
032a8df900c05821bc4ee4ba280d4ab80cdc49db

SHA256
dec7478a293dc6588d81bb09efbe9d3ecc7dd50ebe9d4eab844310fa9f5ee007

SHA512
9dde12aff28ec034eae6dcb5bfa4b580986c08916397e1c4e725c9c1a1a7f7401aaf3f65d4b9570fbcbf33d8cec650ea13c547ab0c72d67f8b217918ffb7d508

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs-1.js

Filesize
8KB

MD5
400a9f3f991f79c44c2fdcb28484333c

SHA1
254ab4ff2c6c9b50a8cc6b3cca877cca22f80272

SHA256
f4539d6e10c9dab6e63af1f7d53bd2d17fd9153592bdc91ad7c48b06698c70ce

SHA512
8a1cc8613ee89bdbccc9ce42b1f6a22754224dfccb0a40dda92faa10c56dbbcc477fa0a942eb9b299d2530c3a2284c9b22edfccccbc78258541616688a244817

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs.js

Filesize
6KB

MD5
f095afb5b928abf7f4accec77a878655

SHA1
4151b144b53650c69181537d52875f8650d30cf4

SHA256
a1d443d36035c6804781549cdea90594e86ad7421d403ccf247a1c1840a7f05f

SHA512
24f73a5fffdf876bb8f512f57f5406f92c3e2bfc985ad6eba8e3c7b5b4cb11e2a6784e4630f42786596869861392329079cc1124129df0db1bf28726ec47860a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs.js

Filesize
10KB

MD5
c628d9e20df2007537d91ced5d5e5d2b

SHA1
90a74a09a8c7f2441ad78bb8b33e8b901460229a

SHA256
9dcf6de144d9b3db5b2bf6b207d7c932149c1996db0609b72030393660ffdf49

SHA512
461ab70ed39a335618e4fdb895ccd5e26163cc79e9c01c481c7cc3f7ad0df71471a86482cf46ed456f40158e3b03b334f18fe9265fbb9fd0c46fb7b0f1f2e538

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
75b5a52614deaa8b1d01fee6ee9818f4

SHA1
b1e0450a89e31bfa0c2344b144354d17223c8c63

SHA256
a2048afd08dc66b18b921b56225cacdd366d1013b22381419c6f981dcf93703a

SHA512
a4ff4fafaef99594a71b796d39dfcef076930f0d4e8a3f44e0f0eaba01b2e7e85db41f6306493f67eb570e525f3612b3d54b21f15bda0fb2529afae31cbbf482

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
58c78e299c308a4fc3291b58f3876c3c

SHA1
11159ff02c638644f8c359fdad8b675aa4930b74

SHA256
669b34f974c7277a46d1b144ce7fd6c37445ff2c6d37d466e43fd2a413e38493

SHA512
1d2679b1b5a1c8e8ce1f559eda9a31dbb591f6854b2e7edf799efffff4566cbe752958366baa89a9b19b27885fc715bb5235170ec4ee48936d46d864b0c5ff84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
f158211f161351c8f562bbc963b91462

SHA1
36092e104178f687d7b2bae8beef2f47d357c559

SHA256
9455c43be9a99a51ed3422a77c636b07f8b7764a1e2a3ccf3bc1baca60210184

SHA512
6827330cd73710746a52e7a2944b3f12412bbe70c37a79c898c8df67095bf67f9704312a90a743a33026936357ea3db03a95e4ea43dfee5f0f88becdfe67e83b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
f2bba9f4d19718d669022500975c8db2

SHA1
dbcc602ba0a64d74cc7ead6ca34dbab068f7befc

SHA256
ed92d9a4292c2ac41fc47d16e673225644b325ac0eec89739449d037eb50bf56

SHA512
6e4931c71a41a39884c2700c7c2c803fb9e93ea6fd890e70ae2a761f39bf97ce4e75825ecd40a3b143229724d5c8a67753fa1767896067fa4b7f09dd241ef0d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2e811c725ac974e7eb64c0d94b3bed5c

SHA1
40ac13b7272bafc380fbbf852bf4161ec07a4cd3

SHA256
b3f47bfb62635fa3300c79f4c458eebb2f85e69e76e079d6c8da5be836908764

SHA512
78660461be75f183fb5b79144c12e60d1f029717305d7e0a73f9b3239e147949e051d023c843f4808d98d77c629e3e1e4dc4438de53233c9a5e6a7311fc5022c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d1e81f23a277d99a1e85afb187c4a41c

SHA1
6cd1e0febf0a5255514792f77e6208b4457ebbd1

SHA256
99fc68369dc15018701e5acac2b8b5fd8563fa181e5ac219fd8b873768044f16

SHA512
dafa31683c51212b7c84839286b62155ab78fd5061d15b64e55ae55d888557ab4bc548417383129899409aa1354c0a84260f5093e83516a9e1e6ce11e144246e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
7a706e7970f572db33b64c36f83e3f0d

SHA1
694d81c7b54efe331518dd4be63e85ec0d27cd73

SHA256
761cf46391d58843e6505fbdb9f8c9cd14e18d2018cc9d238192f620981260bb

SHA512
6513fd063fc882fd0da142c246d1b8dfd38a0386b62c97663086dbc8b167c6a319efb4ab381655eef2fc8c27b6d11e6db0e7fdcc5e4e8b7dfb3eb80a56669afc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
dd3e037b0c339dcc4a117c66eaa4a3a2

SHA1
a24e3d936df4101001cecfcfdbf7da08258969d4

SHA256
aefa637bc70b610cbdb1cb61381eacb6877befa3725e5c427720c894a695f27b

SHA512
24f063a9011a452a8ed15f79237927f4c0b9f063229da6c0e180a1cc2ce19f2cb5f4b7e15385dd1a7d33502a5cc9ece7f33abbb2b4b91f7bbe7f901ec7bcd64a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\default\https+++www.xvideos.com\idb\1204503687DVBX_.sqlite

Filesize
48KB

MD5
8be5a77be212ca0af34521564c198339

SHA1
d64798085fa2685782c3d28c940b919844a76c58

SHA256
6f0e80a536c3dcd6ec8d5c683438cfb7b67bfc78639e8e943528375d1f18a635

SHA512
e0a22f50e4e171eed410e003c8aab78c720cce3dfd732816b068e8ed3b334fa2c8f9304bb461622e71bf8438fcf1189157a35323086d064fee99babe5d19e235

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\default\https+++www.xvideos.com\ls\usage

Filesize
12B

MD5
bedacfd12ddc7e2073e447c5d45d6075

SHA1
30b8493c79851beacbb7f8a212c966557a2af6de

SHA256
e103285b8cce71db39d47289a3062c987abe0c0bd2a0aa57bd86e87e0f3985d8

SHA512
75f98a3a0b7cf7e2d0305aa09b583879766ef7c389861bb8f2c8801057a22fe3f3f3372f23aadeca45bff3624545bb7396c5a4693d349cbafcb27b7c5ffc4817

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads