hxxps://github[.]com/tj-mss/Dis-SpmSft

Analysis

max time kernel
178s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
04-11-2023 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/tj-mss/Dis-SpmSft

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
752	InfSpm.exe

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\InfernoSpammer.7z:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3104	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	1944	firefox.exe
Token: SeDebugPrivilege	1944	firefox.exe
Token: SeDebugPrivilege	3104	taskmgr.exe
Token: SeSystemProfilePrivilege	3104	taskmgr.exe
Token: SeCreateGlobalPrivilege	3104	taskmgr.exe
Token: SeDebugPrivilege	1944	firefox.exe
Token: SeRestorePrivilege	3752	7zG.exe
Token: 35	3752	7zG.exe
Token: SeSecurityPrivilege	3752	7zG.exe
Token: SeSecurityPrivilege	3752	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe
3104	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1944	1184	firefox.exe	47
PID 1184 wrote to memory of 1944	1184	firefox.exe	47
PID 1184 wrote to memory of 1944	1184	firefox.exe	47
PID 1184 wrote to memory of 1944	1184	firefox.exe	47
PID 1184 wrote to memory of 1944	1184	firefox.exe	47
PID 1184 wrote to memory of 1944	1184	firefox.exe	47
PID 1184 wrote to memory of 1944	1184	firefox.exe	47
PID 1184 wrote to memory of 1944	1184	firefox.exe	47
PID 1184 wrote to memory of 1944	1184	firefox.exe	47
PID 1184 wrote to memory of 1944	1184	firefox.exe	47
PID 1184 wrote to memory of 1944	1184	firefox.exe	47
PID 1944 wrote to memory of 3656	1944	firefox.exe	87
PID 1944 wrote to memory of 3656	1944	firefox.exe	87
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3548	1944	firefox.exe	88
PID 1944 wrote to memory of 3084	1944	firefox.exe	89
PID 1944 wrote to memory of 3084	1944	firefox.exe	89
PID 1944 wrote to memory of 3084	1944	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/tj-mss/Dis-SpmSft"
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/tj-mss/Dis-SpmSft
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1944.0.1784038474\658779777" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1832 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3a464f0-3787-422f-8aad-cabda7e2f3f1} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" 1936 1dce84d5458 gpu
    3⤵
    PID:3656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1944.1.198044171\564756425" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2316 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e88bb32b-b25a-4120-a60d-e41a9b5974b8} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" 2416 1dce7f47c58 socket
    3⤵
    - Checks processor information in registry
    PID:3548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1944.2.1428351064\1685926276" -childID 1 -isForBrowser -prefsHandle 3232 -prefMapHandle 3128 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69d88a82-9e27-4aaa-9a35-e596399d2ccd} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" 3184 1dcec3ef058 tab
    3⤵
    PID:3084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1944.3.1906826655\1842051653" -childID 2 -isForBrowser -prefsHandle 4048 -prefMapHandle 4044 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ced65e40-8d30-49f1-ac1a-b355264a66e1} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" 4060 1dced5b5f58 tab
    3⤵
    PID:3844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1944.5.1310389380\907265981" -childID 4 -isForBrowser -prefsHandle 4800 -prefMapHandle 4796 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {241ff96e-3e33-435b-b814-3e0d294e94fe} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" 4820 1dcee1cc558 tab
    3⤵
    PID:1008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1944.4.539004466\1815268185" -childID 3 -isForBrowser -prefsHandle 4776 -prefMapHandle 4772 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fb0ebb9-381e-4e66-8727-b02f02eebc76} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" 4788 1dcedec1258 tab
    3⤵
    PID:4488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1944.6.466342704\802182174" -childID 5 -isForBrowser -prefsHandle 1680 -prefMapHandle 4328 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a4e8504-43b2-4462-972f-9cbcc08c5773} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" 3400 1dce84d5d58 tab
    3⤵
    PID:1628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1944.7.1689987815\1897298751" -childID 6 -isForBrowser -prefsHandle 4772 -prefMapHandle 5864 -prefsLen 27017 -prefMapSize 232675 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3566da3c-f38e-4e1b-b8cb-59b58142680b} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" 5548 1dcee9cec58 tab
    3⤵
    PID:5660

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4256

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\InfernoSpammer\" -ad -an -ai#7zMap5951:88:7zEvent31554
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3752

C:\Users\Admin\Downloads\InfernoSpammer\InfSpm.exe
"C:\Users\Admin\Downloads\InfernoSpammer\InfSpm.exe"
1⤵
- Executes dropped EXE
PID:752
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1184
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:5008
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
56394ba73ab3813648793d14619667c0

SHA1
adb5f74547597948e8b6e99677df26fb4babc4df

SHA256
24172a0142a7f36199103b2adbdfba5ef286f2fb8899c6e4096e1c5bc821f5f3

SHA512
707d584c3fed9a318e5378a26e592d33a5afb78d952bb3969dc73edb8f9d8e4680ca25cf3e6178c3115b01afb2540b66e562b89f722f0cd1bdfb3c7237398234

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\21925

Filesize
13KB

MD5
b0a8b945d24f8638472fe35a78f07887

SHA1
104a57e196da65737330e52c6b2a4e5524ee07f8

SHA256
fa8cc879304669e6d18fe3b307662d5fbc9fa8ee4bb1f51a92282bd6b6c7b47b

SHA512
fcb8cd43491fc77a112219e39682eeff04d804de2dd6dfb18b72e7f1cf1e973fd78046ba6a3db029fa588cb575bb6d6397c7b19924ba5b065ce8ec9ed93bdc67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\entries\AF0AB4E4EBBC4D9B17BE64C0A56C9B77E69897FB

Filesize
52KB

MD5
b9f2417f1629f81c0c0ba1b293c07df2

SHA1
4b312bb4a14093e66504afb497437e55359e1a0e

SHA256
262f604be124a8440cfe6b71531d0a1dfc31daf0652842089b20f3e9e9a2658f

SHA512
41bf66d42165866aa08a3cfb51a7e110bc6f83dfbf2d7b53fcff0b6af4f8aba723e925e3c5e3bbac02f0d1f68e6de777fa788b61c9f4b0d98afcb740d001f103

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cookies.sqlite

Filesize
512KB

MD5
7eca7848e30781793da767657091261e

SHA1
717c00e6b7f3ab795706cf725a4ee1ca8a140349

SHA256
351ab9a9286758f36092dbc17d10d1765b46dfaae98496a087e81bf948020aed

SHA512
4790b25cd7a57c13050415ea05f909f45b5a06b2b923c33bdf3175dc1f31ee95467853bf97f913a19068ab9ca4561e8919772d51c25e047631deb4541a7f7e73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs-1.js

Filesize
6KB

MD5
be4b2fd373635f32c03a41eb78c25ef1

SHA1
73367300207de42382a6152ea35e2a2f8d68ef05

SHA256
cd64a990b2d4f6bdb74b28790c0fa9deba361deaf5f1e9c738aa5908941e0de0

SHA512
6502e56754c9075afbd68797cbad084e70c662e9197b996d64e240a6fcecc271e21dbba41463c5eb61666d1ac35c1afa6afc1f2b2d9487c5eecf290f12704226

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs-1.js

Filesize
7KB

MD5
2f8470401e5af5ecdf4afb50cff7dc52

SHA1
c677e960a84ddcad2c601de60b6926b0ffc00ef6

SHA256
30bd27c958424970b237514ff6ced6d553d5767ffe2da3410fc44a8e4d66002c

SHA512
9a96c033e20724cc835640e770de6d41cabf3eb03a5819a62f4f214758bceb1d83a13c1b129a08f7c63f1ac1fa948408e611838e7b3407d09cfc43835d939596

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
aa8a69f999eacbfcd2a23d6a28f4feca

SHA1
043ef49410e53a1cb1a8805113391a028578bb43

SHA256
cf16c45fe7702feee1820b2eb6c5715bc62dde5264bec60811a6a77c30a7e5bb

SHA512
38e07f408b50401a35cedb7bc8aad9f7041cb14a5e72212a16f3e8be382e11863ac6a857d1d11af161a686909aa1b2569443ce96f28cf8fd6e580206c1dbe745

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
dad5d459c017fd65edbcd23c312ac0da

SHA1
3b7f5e30d60da2385667bc78e258f84707d4d967

SHA256
ae60610c332a51caf03d27c3b0fc860cd2c400845e88fc99befa7a792544e31e

SHA512
ed681adec15deab31894defc7877c9454895b71ef6583bd4ac01ed91aceed4008495479e82d3b42523c3134aca8a9613640038fc2d5ed77b8cdf4c4a3c76ab08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b95e16b9d6be80c4c1d7e0d201448bfd

SHA1
427a48356989b89f69ab1b2341dec57e8d6efaed

SHA256
027c1a4f96a833fed749e2849db0dda4736c538508610454d5bb061f10384e6b

SHA512
abc8f4ce4fd896f9f8c658f6cd25607d8a6a1d7c3e481560269d32d59b32cc92ff29316aead81cb4e9ba99a516b1e18ae4f3645c9f1da3f2dc5cf8c539b8b9fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
4f7a2dd3ba19149467f841d7f5054158

SHA1
b24b3a3e44d83eec498a3d739b92f0cec022d7fc

SHA256
f3a13e349f5d913c19362667f0ed1df7e29d128fc9ea9b599401e1b77aae72ef

SHA512
bc7cda4d8f7f00e36d06f3fea411c9fb4f7b61ce51c3da5f269b81aa96b457612e21854d51bc3b83329de0fb70cfa33ee469c7aac8671bf56f0343023141a5af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
b39d8f2fc36ca42661f159431fb3ce1b

SHA1
2e24c02c83e9ddef8e71ee7983439f83b912a2b2

SHA256
25784de1d03c80404082a58e5dcd420618330bfdd368504880bdbde712702f33

SHA512
c4591aaf567aca32442042128fd56dcf628d2c95bac55fd551dd22a3b08197b3481a033f2680aabbfb952b644d00faea7f9a411881753637271a8713865a83bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore.jsonlz4

Filesize
6KB

MD5
c653a2a29d58f58d5b7cddc812eb92fc

SHA1
054a261a91167b76f4a8d12e554419f47a32a607

SHA256
b73a87ab1b371326b94af82817e691ead6d42b1a04bdb6c75355cc2dd54f4ec8

SHA512
20ab29912e89c4fb931ae3d128991cd147c77fa5ca086a24c94ae0f93cc9f4f441467a9de8c917ba2ec4c3e42711ce00ea2d989d333ebc01a3df984743d433b0

Download Submit
C:\Users\Admin\Downloads\InfernoSpammer.7z

Filesize
6.6MB

MD5
2d2b36b07cf80ba3fd8da4cbee647116

SHA1
efb8d044986021df1a6712c2f34cf9b488dd0201

SHA256
ce6bdc756d5fefa72da2917130ffc5b6cd1b87460be782954397b7175d2618e8

SHA512
428691c9c73c0f802691ac8e7a996b6717e3070942e29aeedd13f0ff85f32fe14cfbcc35ba22ac8297f121f94055b565f2e8093bff69265899af5f61e613f4fb

Download Submit
C:\Users\Admin\Downloads\InfernoSpammer.BLHaPEu_.7z.part

Filesize
1.4MB

MD5
173359d95c82c3e11b3ec2dd88ede4e5

SHA1
b10e43d1f5dc22cd07f6728772f9ca81cba6c2b4

SHA256
89e6a2e030ea740537b26b9bab8a6f423cc8d051ddf518132c438a5ecee7702c

SHA512
52a07d725907bcc37ef0d628b18a694f3eb7417ba2dd45bf76082152aa29a567fd198b838f1d874c083edbab1df4d5e658ec757b29fd1fb22db4c6ca7b81578b

Download Submit
C:\Users\Admin\Downloads\InfernoSpammer\InfSpm.exe

Filesize
2.4MB

MD5
1433534ec8e094ffbeef04949193e011

SHA1
c9b72028b3cdc11ca348b39e4c2bc3e00e4154c8

SHA256
eb352b237dd676134f4226e761fa622b08bfb2531c922fee3ed50e0c606be28d

SHA512
65bed15d24ba1139a85d833cf22915c09e9a197f1283e33a329743be2dc118b06c4fc23c247f5b21cc3a6749ae270322d9319dca8958376828893bd75fe74de8

Download Submit
C:\Users\Admin\Downloads\InfernoSpammer\InfSpm.exe

Filesize
2.4MB

MD5
1433534ec8e094ffbeef04949193e011

SHA1
c9b72028b3cdc11ca348b39e4c2bc3e00e4154c8

SHA256
eb352b237dd676134f4226e761fa622b08bfb2531c922fee3ed50e0c606be28d

SHA512
65bed15d24ba1139a85d833cf22915c09e9a197f1283e33a329743be2dc118b06c4fc23c247f5b21cc3a6749ae270322d9319dca8958376828893bd75fe74de8

Download Submit
memory/552-572-0x0000000000DF0000-0x0000000000E3E000-memory.dmp

Filesize
312KB

Download
memory/1184-562-0x0000000000D40000-0x0000000000D93000-memory.dmp

Filesize
332KB

Download
memory/1184-566-0x0000000001450000-0x000000000149E000-memory.dmp

Filesize
312KB

Download
memory/1184-563-0x0000000001450000-0x000000000149E000-memory.dmp

Filesize
312KB

Download
memory/3104-222-0x000001BF59800000-0x000001BF59801000-memory.dmp

Filesize
4KB

Download
memory/3104-220-0x000001BF59800000-0x000001BF59801000-memory.dmp

Filesize
4KB

Download
memory/3104-217-0x000001BF59800000-0x000001BF59801000-memory.dmp

Filesize
4KB

Download
memory/3104-175-0x000001BF59800000-0x000001BF59801000-memory.dmp

Filesize
4KB

Download
memory/3104-174-0x000001BF59800000-0x000001BF59801000-memory.dmp

Filesize
4KB

Download
memory/3104-219-0x000001BF59800000-0x000001BF59801000-memory.dmp

Filesize
4KB

Download
memory/3104-223-0x000001BF59800000-0x000001BF59801000-memory.dmp

Filesize
4KB

Download
memory/3104-173-0x000001BF59800000-0x000001BF59801000-memory.dmp

Filesize
4KB

Download
memory/3104-224-0x000001BF59800000-0x000001BF59801000-memory.dmp

Filesize
4KB

Download
memory/3104-221-0x000001BF59800000-0x000001BF59801000-memory.dmp

Filesize
4KB

Download
memory/5008-568-0x0000000000B90000-0x0000000000BDE000-memory.dmp

Filesize
312KB

Download
memory/5008-570-0x0000000000B90000-0x0000000000BDE000-memory.dmp

Filesize
312KB

Download