babylonrat | 4f12d0dba738f2fa84c2facbac90066853b04c160f334ef218906cd3e1c1df2d

Resubmissions

07-02-2024 10:49

240207-mws1qsgaa4 10

07-02-2024 10:31

240207-mkk6rafgg9 10

Analysis

max time kernel
87s
max time network
98s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
07-02-2024 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Babylon 1.5.1.0.zip
Size

127KB
MD5

92f1e77a395bbedf029d0f97011823fe
SHA1

85c019157ec2d5393595b975518d4fe63d636429
SHA256

4f12d0dba738f2fa84c2facbac90066853b04c160f334ef218906cd3e1c1df2d
SHA512

a77444204efa71c932061cadca9748a33fb4cbfa35d564af12496528d68dc2f4c0d9a2d1219790e757fe15c50e6b9b3d90991da7a9c6ddcc541b0a5b23b4babf
SSDEEP

3072:AlfpYYRMBy1cvxCO0BOjS+rzkzZfgIsYnZ3E4hGlt6q8Qi+Snvky2WlZR/AIDuq9:KDuqJtf01VSgE29xxspm0niivuz3Y9SE

Score

10^/10

babylonrat trojan upx

Malware Config

Signatures

Babylon RAT
Babylon RAT is remote access trojan written in C++.
trojan babylonrat

Executes dropped EXE 1 IoCs

pid	Process
3180	upx.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000001abcb-785.dat	upx
behavioral1/memory/3180-789-0x0000000000400000-0x000000000059C000-memory.dmp	upx
behavioral1/memory/3180-794-0x0000000000400000-0x000000000059C000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
82	raw.githubusercontent.com
70	camo.githubusercontent.com
72	camo.githubusercontent.com
74	camo.githubusercontent.com
80	raw.githubusercontent.com
76	camo.githubusercontent.com
79	raw.githubusercontent.com
81	raw.githubusercontent.com
69	camo.githubusercontent.com
71	camo.githubusercontent.com
73	camo.githubusercontent.com
75	camo.githubusercontent.com

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 29 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Babylon.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Babylon.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Babylon.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Babylon.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Babylon.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Babylon.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Babylon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	Babylon.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Babylon.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Babylon.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Babylon.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Babylon.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Babylon.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	Babylon.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Babylon.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Babylon.exe
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	Babylon.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Babylon 1.5.1.0.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Babylon 1.5.1.0(1).zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4560	firefox.exe
Token: SeDebugPrivilege	4560	firefox.exe
Token: SeDebugPrivilege	4560	firefox.exe
Token: SeDebugPrivilege	4560	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
4560	firefox.exe
4560	firefox.exe
4560	firefox.exe
4560	firefox.exe
2708	Babylon.exe
2708	Babylon.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
4560	firefox.exe
4560	firefox.exe
4560	firefox.exe
2708	Babylon.exe
2708	Babylon.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4560	firefox.exe
4560	firefox.exe
4560	firefox.exe
4560	firefox.exe
4560	firefox.exe
4560	firefox.exe
4560	firefox.exe
2708	Babylon.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 4560	1520	firefox.exe	74
PID 1520 wrote to memory of 4560	1520	firefox.exe	74
PID 1520 wrote to memory of 4560	1520	firefox.exe	74
PID 1520 wrote to memory of 4560	1520	firefox.exe	74
PID 1520 wrote to memory of 4560	1520	firefox.exe	74
PID 1520 wrote to memory of 4560	1520	firefox.exe	74
PID 1520 wrote to memory of 4560	1520	firefox.exe	74
PID 1520 wrote to memory of 4560	1520	firefox.exe	74
PID 1520 wrote to memory of 4560	1520	firefox.exe	74
PID 1520 wrote to memory of 4560	1520	firefox.exe	74
PID 1520 wrote to memory of 4560	1520	firefox.exe	74
PID 4560 wrote to memory of 4484	4560	firefox.exe	75
PID 4560 wrote to memory of 4484	4560	firefox.exe	75
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 4808	4560	firefox.exe	76
PID 4560 wrote to memory of 3796	4560	firefox.exe	77
PID 4560 wrote to memory of 3796	4560	firefox.exe	77
PID 4560 wrote to memory of 3796	4560	firefox.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Babylon 1.5.1.0.zip"
1⤵
PID:3916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.0.1998945156\1142433009" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c3929ff-886c-4803-b927-316a0d7789bb} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 1780 1e87eeb7158 gpu
    3⤵
    PID:4484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.1.428996225\1561076384" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78bcae6f-024f-4ab6-b718-68f20b73d2e9} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 2136 1e87106e858 socket
    3⤵
    PID:4808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.2.2056710853\1518292847" -childID 1 -isForBrowser -prefsHandle 2752 -prefMapHandle 2772 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d769b2d2-9f11-4726-bfa6-df991d5b420d} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 2740 1e806c6e558 tab
    3⤵
    PID:3796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.3.1952967487\1800374440" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56bcb9c7-b109-4667-9af9-a9f7ab7aacbe} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 3540 1e807d56b58 tab
    3⤵
    PID:4780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.4.1060427877\892719672" -childID 3 -isForBrowser -prefsHandle 4384 -prefMapHandle 4380 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66a1f840-ada8-482a-aeb0-356081c129a7} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 4396 1e80976db58 tab
    3⤵
    PID:3860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.6.809181076\776246177" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1c8cf88-de66-405d-b979-6c4c272a69eb} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 5064 1e87105b858 tab
    3⤵
    PID:2956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.5.1353027585\1530390230" -childID 4 -isForBrowser -prefsHandle 2608 -prefMapHandle 2604 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b74e95c-6f45-4df0-8e26-ddabc084c419} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 2712 1e80a7bde58 tab
    3⤵
    PID:2952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.7.1001924797\921250175" -childID 6 -isForBrowser -prefsHandle 5288 -prefMapHandle 5284 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc7ee2dd-aee9-4b66-80b3-ec2614b2f3a9} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 5208 1e809b9e558 tab
    3⤵
    PID:756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.8.1531296748\951773708" -parentBuildID 20221007134813 -prefsHandle 5556 -prefMapHandle 5552 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d28bd3b6-d5c6-47f9-83a3-51043cc2fe7c} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 5572 1e80b761758 rdd
    3⤵
    PID:5084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.9.856353173\324422908" -childID 7 -isForBrowser -prefsHandle 2708 -prefMapHandle 4956 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c47c6da3-a82c-4329-9eed-f0cea44c4581} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 5700 1e80b51d758 tab
    3⤵
    PID:1796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4560.10.1736249010\1284005356" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 1552 -prefMapHandle 3044 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {465b83d2-6a29-48ce-a4d0-5bd6ced7e98a} 4560 "\\.\pipe\gecko-crash-server-pipe.4560" 3296 1e806498b58 utility
    3⤵
    PID:4152

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3956

C:\Users\Admin\Downloads\Babylon 1.5.1.0(1)\Babylon 1.5.1.0\Babylon.exe
"C:\Users\Admin\Downloads\Babylon 1.5.1.0(1)\Babylon 1.5.1.0\Babylon.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2708
- C:\Users\Admin\Downloads\Babylon 1.5.1.0(1)\Babylon 1.5.1.0\upx.exe
  "C:\Users\Admin\Downloads\Babylon 1.5.1.0(1)\Babylon 1.5.1.0\upx.exe" "C:\Users\Admin\Downloads\Babylon 1.5.1.0(1)\Babylon 1.5.1.0\keynote test.exe"
  2⤵
  - Executes dropped EXE
  PID:3180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\14815

Filesize
53KB

MD5
a67913b9593dd90e7ae36f40bd5c2f15

SHA1
3ea6857095c337f6e69acaff77115dd3db6fc211

SHA256
01842e7022d639e09154bb2e5feb4532ee30a2294da484a21a812e63d7884c49

SHA512
ead5c376616e8e51e057b748c7e252927f3b6ed1c7ec1c7eaa8058f59ec585993385eb4087f4438291311696390ad94b3d043705b58206803d6a66819fbb83c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\24362

Filesize
60KB

MD5
b280e3f692ace7e85637ef10ed903bc4

SHA1
32daffaf5359a1d13bad465773b9c1bb4e90c859

SHA256
443dfb73be6df1fe98c6e1affa8d305eebd03fa9aa01b3ebc7be4587dbff113f

SHA512
24ee5173090815906db3d47a54de67b8d4de78a7759312053f9e5a8106d0e90dd22111a19ebc31dc5d6853915a3e28c6318bb13064b65581dca202dc9bceae60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\6188

Filesize
42KB

MD5
5c8885bca8fe6df3f13cc510ef06bd08

SHA1
349110c6514183fc4e52ed93481cad8fdc866233

SHA256
2cd504d0103a97676cf790b1c0583dcfed29c038f911fa7bbef31143588817d4

SHA512
341271de437b20b5d484e7d919a4d1032459b0dbbaa46061e31755c3be4575d6d8475aaca328b46af271ad9c56f097c986df530b69546af5307dd802535a066a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\01E7348AEFD115549BF05069070ACAA006B73600

Filesize
77KB

MD5
54f69f3dcaca16194b7baef73248a166

SHA1
caa23130eda8cb8d70c894ee10bb96f349e118b1

SHA256
671188c5f5e253f85a0f76e049545d5ba83d716fe13e95726e01a8c91da8799a

SHA512
edad9a373614a957a12a838d0956659575484b5ceaed43bce6c5514abd3eddae490ab62039fe8d2c254412ed2e5853af1aad80b358f26ee421794e5309ac8ebf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\150018585F0060009D7FEBDE8A6151C9AE8C13B9

Filesize
429KB

MD5
1490da145b6c8987a64e0f03c4706279

SHA1
708e1b8c21ae3dd9c95cbc0d3de2f8d6cd0d30b1

SHA256
328faef3e6a1964490749c78cf0c47dff4f27b1a9709ad4c471db4d417137e10

SHA512
f0c440069f110386272e9888d592fa36ccb58f4eaeabf4cee82d47454517b41219acd5e250283733638e95d01df040a4923db814163adafbca86cc7333b11aa5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\1E61518360BA13E897A17737CCDA8D9067374818

Filesize
1.6MB

MD5
111ca4e58d13d36502a7eb6455d8e9c1

SHA1
72b3f7eb8a0bf25a205c97d8a077ba91ddefd36b

SHA256
01cd0792dfa6806baac13f6f92719b61643892a348cc079f7f1badb7e29d736c

SHA512
699d189ee5a64e10c93cc42808bedc9f52c10e74ffd22b6f2d8f137ccade7234dd8651a74d750684d2c589f86ab34cea8474b38dddd44811992df5f1d21eff71

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\2167B505D934699C441A8E0A03DA105F9166E6A8

Filesize
136KB

MD5
24b6c74e743308affafdc15e6c8036a8

SHA1
d30ae5ed40fc40789825b648a3804ff826fd90d3

SHA256
ec1f6abc7ef6252c9fe28ceea31e689f41960e0912b43c8bb71515fdf0f90466

SHA512
86aa0dda7eadd3c727b0742b115790c5c4db7df2484690ad4d5654b3b2a8cd611cfa1cb9aaab6ab51dda3362ebb00788a2d9794b44e8fd7b38831723f75c88a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\22F2574A9B1F27A9C8A64AF9211474B650CA7A7B

Filesize
76KB

MD5
92164152a02650667a4e1941ebabb82a

SHA1
469bdd6cbb31693a4a184114c040b7086c567097

SHA256
106f6c03715bb1f52a3f2b3e7b8041364751db6a43948100b42f25c60cc1227f

SHA512
81ac17cb1cb093d4037b18069f619471760cc283ed8eb88a47c90326853e3f5daa031a4d6333dada048da5803f88a00cd9cba8fee98b9d7c1800c1790a054ffb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\27B94747B1AC977E16CF31C05A975382785D3017

Filesize
63KB

MD5
9da1d96a17b0244e5bc67bc004869b6b

SHA1
cba7a2933eea70e82ac78f4eccd469bba56d2b5e

SHA256
bf30ff244659cbb41748c449d72a95e3ed8afa003ce9a179801ab4792e5ce37b

SHA512
26f75b90df3fdedb6def88ed605d2ead51f5e9bb89ebbe376db90820ec532613ee6142cf26e3bad75e58b15d125ee9002c420a62657aef1d1f1d24473e5aa196

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\29E572D6519E3934A089FA41C38D950A2138CC94

Filesize
109KB

MD5
46b487215134cd34585872dee1382f57

SHA1
f71d9a8843febaad42f77784c493fa312acb49e5

SHA256
ef87990fe8edfc0c2f9985d2b401cc18a8ce4fcf48e0b01c2db3f8d9c9fd12bf

SHA512
f3681f92ed7bdca34fa0a0c651d5d8905fe55dc52e44a17ffd5164879df418eab1e23db4faab8b67b49b68ba244a6ae7b2b9ec4862b0722f2b49c60f0963baf7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\2FF45693BE98D1FF633F92C96E5D6A3E6568D5A4

Filesize
308KB

MD5
c5cd5cdfc9e7a1351ade26c5853add7c

SHA1
4d1e5489efde3f04737395e124e9e3daa5f3b417

SHA256
93a9f307bc255e5872f5f131b5a944606c7a69fa450651ba44fb3e3a1b65acee

SHA512
d50578fa7a029265c640c81d8d79a8bfc9d8360dd707a4a78f1e3d3dd7833eefca5cb0c3b036ff54c1a42d916b6f69d9adf469b827e0979497321ef8763cb1fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\397854704867B2CB75BA8658E0989793BD1B00FB

Filesize
147KB

MD5
116070f7288ec1f548af90bde645b44f

SHA1
15b5afc8e4238632bb45324117cfc1589527b781

SHA256
1800cb31356890b78364a0479af8253a288ab9e996972845ad9f93e70628729f

SHA512
bb59a4d80bccbbe89dd68ed786f806942311f10fa59f2ae8adb2530ddeb1970ffc883da6bfa14be2d93a6a3cc880fa6e622a00c935ec2314c63ea344b84ff34d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\45722AE6FD12AFDC2A70A368BA642949293F7F4E

Filesize
76KB

MD5
9a4f4f3c4925bf25cbb70567032d87cc

SHA1
b4553764d29872e4e7036bbb0e312a25d091f2fd

SHA256
685f369392defca7a43fa31c2cc97d12ad8c18f5c1eb73fe9a95a1fd5fcca49d

SHA512
ebddb50bff79ad8afea4a657e9037b55f5a84f7b94790a851653025996e738f4a6d975e13ddcd531bcb1bcd2be72644ec02c76e240de8ceeca0cd33409355075

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\4E4850626F9B7E787B0F47EB58D5C9D0422612FF

Filesize
90KB

MD5
5baa2bab776756485a0f8f84fe7c8508

SHA1
672fbab5bc325ed2b8342b4ee5439b8aaf529027

SHA256
0997c7517c3133b11bfed85ff98f90aa5b522f448eef5cf6207f539245b40ae1

SHA512
b75a54c77840b6599e004873ff1144d8b82b026610b3ee2f1661d90bd3239c8c4cd9aac2fbcce9a87130848fabb86aa9059cddad4db246b9ab4a39f1f1750010

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\5372C1306884CE5E69E39F33E7C4798ADE436F65

Filesize
120KB

MD5
5f37b4dda1426233dc6c61b39461a7ea

SHA1
f070bb122f7f1076a685e5b25cf43f27e5e11b19

SHA256
9e408d9f6860fbfcfa28c3e64f9311e2b30339e88a38f41bfe60ba6aaeba265f

SHA512
5f4a4e080e3a65dc5a0b6f53b975006b9f6377d8c4bf2d307a82fad5796a141d3a29efd615ae7060769de1db11e32a5e8a68a5febb242ea7046e674a1aa5d214

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\599EB1AAB4980DFBC75515F606E8841BCFBC21C6

Filesize
106KB

MD5
dc8615ef98d7842eabb009a34256eb73

SHA1
d1df8d29f8196eae5a4d2fdbbf8c92a1b9a5279c

SHA256
a2c080ec9654a4bcf54777a1b81e344ff483066e05019ff08520f0b2deeef6b6

SHA512
3356a0900c136fd0c80f107a231db536f6d2744647c26195de6bcfeefcbcd62d0ece7161c07fadfb1ad4aa04c7faa9a4ed576599285ea118291df2cbc58a6090

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\610381FD3C71D594CFA6AFE8B8803962D0EF6779

Filesize
169KB

MD5
7a5e78393444c47e51f5fa293d528ef7

SHA1
987ca9bde09b9866248bc897ead4234342a59226

SHA256
93a15c2f9ab5da87cfe7c7302aa9e8e476ad796c1faff610c92dad5eeb9f365a

SHA512
b0f9500d04a67d5c03d8a5ab2b36cefdc93ba2fbb207f90ad1fc55ed8c00baf0c5cdaa1fd63013c5b1b377795f9f30e260666fd039916d09bf810925af5f600e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\634E16DC7AF73196290DC0EEA7EC63EF6B95A520

Filesize
15KB

MD5
2398bd51c638a31fd8b1632a99b9e446

SHA1
30bca67ba6a78caec5f2add96aa061971216c482

SHA256
6259b66fd306c7ceee87f640723a2a70c453d31ad2f1acb86beb774a9db70b56

SHA512
5e1951079d461bfd63ac7ee29899c8160995731e7c1aaaae20a295fd84d0587c2ed6c3211da3a9cb4689bbd919bf39bdc0f21ae65c32e49ccd99329f101628a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\64921A3FD6011B7661CCEFD820259CCFC783B78B

Filesize
126KB

MD5
62137ab2bea01bfa2fb4a82cbfa6f432

SHA1
00eec7345efa620dcb07f9fd821fd30e3270178a

SHA256
5e87e21e1099d7e3af94165082df569553b995fc56a2dfc7d1aa543d490f68c4

SHA512
17d96d2676e225c4307c7f9f808041288eb1c36599aa9265bd83d152c68d08f83f2db1b244d25d124981996351afa7f81e5cad8ea974d725576e3a99dd95562f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\70548B3E9024768A6B4BD8F45A7F46CB82308038

Filesize
1.0MB

MD5
57e4ff00e07914f6794037c95a7ceb49

SHA1
c74916bc73ee36e6e575945f8e8442750bfb69b0

SHA256
ca521717123a2588b124b06ad0fd07f5d6d1077389b044f0d18badec6994ae47

SHA512
13394d1383c1e2fca08e48e98b66f91eea8a7e7b4f6c381f160d4d3eaebc54845d06d9f35c49d308726be0218b640192d5013164ded8a49d48a13bd5c7ee1bb2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\72C61B84C8AD10F115EB062D3B238F7DD4D08F32

Filesize
133KB

MD5
6a4a8838890bb6e7cbb210ad54f91403

SHA1
7f77369abbd22370a5160dde4973d3ac2fd8ecfb

SHA256
d15394fe8d0c893f95fca7c0c6d98b4c265c9bffdd7de0c5e460792dc90c247e

SHA512
ca2ff53b7c003d7fe98742c389738636784253376ca73f11b11715cefc571cb8ed704da3a9fb57a187b2dfed7ebdc6b37c34dc0b5931ef176a43bcdee7b9cd94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\791B8A8DF70047BFA15B8104F2D15B0CB898389E

Filesize
85KB

MD5
383dee202aa95310bbafad03971fb49e

SHA1
eedaf62b3ebbddeea808246410143d96de13c94a

SHA256
24916cc93c4fc705a63c5dd4d9849e9be6dd53b1711fc09da747618b3eba8e97

SHA512
dd06ace01114197dae42637957e8efe3e03651cc21724c5e68127c16456d46e87a78aebe494cfe7748727e5b75521f5c9aa23bf6be48e3c4a283d4d7c8a6ed8f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\7CFBD4857A71AFB16B02CC3BD4D3534FD96B1E07

Filesize
367KB

MD5
fd7eeeb21e58d0d3cc3dac5f72fbb548

SHA1
2ae38d07d9cc418e599fc4650111d23892bda856

SHA256
68af05064a55c672acc389dd7d0210c86c70468e3001ebe21c10dee7e0d2498f

SHA512
c47655775e3a81e1d685c6c1d43c9fc2e463e2f4bd53116d19ef6a16d2a62686b0b6e7d42a96a0fba15474f1362fa495d765957c276992d7d8e46035a9eec6be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\7F24CD669B6E5345700CAF20E68D8E061062C679

Filesize
91KB

MD5
7cbfb0a18f94d150aa1400196340ee9c

SHA1
516dbf47e64037384ae2bdd4bc3e60af608025d0

SHA256
abe564d7e8fb21f3eae14fdb8a2751daebfb16ae47e30d0195f37d884df12b01

SHA512
e624fba6053138f1022a1f1ca884f42936bb22392714642f993ecf54ba10c89caf0b360ca1833aad660b844b2714c22bd1f192b27258eb0e40dff41ffb01910d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\8CF0FCA8835761241FFF87CD21699A59C31B9475

Filesize
81KB

MD5
e72b22bddda5f3f94621a5e1caf728cf

SHA1
12645d1c82c091d2ef6255760ff849fbce78d349

SHA256
9744487419476d53b982cea4ddadffa0629866b7da9cab1e140e3c3d3ff9df91

SHA512
00614a50da39b6314a92a8261161d9a9ea0c13a13fa09dd882627494e262bfa2c1bc95810ba17726a257eaf688fef39cb117bf39a9d2d145119a6746a6343792

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\98874637C82419E368D41A36BE8DF0A669762B55

Filesize
89KB

MD5
8e4edf858dcfaaf8ebb52665d131161a

SHA1
f215cf87a9a8d7668f18e6a5ac77b747cec0422b

SHA256
46174d5323f44184af79a11c66caf675b08d403b3b64ee8c0781f53c749d2ff5

SHA512
eba27f85ef5c4b9d80c8b14078507a630e3e6c01b0f4242a422e19879b28aec4e3f68e607776749ef571b8bda95cda5873d00d7f3f53162b2c8311f14fa9ad5d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\9C2BBC7137762B4CA02A130A09A82F71C29112CE

Filesize
764KB

MD5
f8c4e7f17be9dac844161c2c73e8b756

SHA1
71727b858cb4d115138e408687b5180855d06c0d

SHA256
d669efc367a33f47c5761dcae319751bcb42f5f1da13b1bac09be0afbfd556c6

SHA512
1bd4692363336c7f07a25bd485df349ae7272eb28f31cc5009bbb7dda3b99af37069e611ef222322f1c773a903d56048a5a9e2ee2321685ec414e50574a8a50d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\A03E71D163D42A487D82C9B7C61A4A800C62901C

Filesize
105KB

MD5
2a28d8f17e86e682215e62ba3407b620

SHA1
68ceb739bde0ccd579903c0742202a366d554bc9

SHA256
f8ca6dc9827d73ff643886acb5b5cdfbc4bc5d5582ac402f3250e9ae9f880979

SHA512
409d822cd267fce542d0d3f93ff859f010117e4be0f7c6b07c7323aa819a93a40f44f0b7da28be06915a680834a54d9c2d1604edf0b92c1cc29a3045a2393ac7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\A5412C1E028F7B70B69573960AFE79B86F7364F4

Filesize
86KB

MD5
ebfd6ba0191fa1afdc998eba8c1bfa26

SHA1
540c14e5ef6fce4c06d3c82796dc55db293625ef

SHA256
6b717137d4b43e850559d3be385c3e77a7046e516a75e492f8764f403f8f1770

SHA512
31fcfe6d325e3a46854726e665faad1d13341658c113a3a2b56e805d0d45229fc9c728f549dd151efa1515c0762324ed1d2f26ba650e858ae52dd5a6586ed841

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\B514093AD97EB137639E70982E6CC2877881F842

Filesize
74KB

MD5
d9251d671b4626d644aeb57561c83f5e

SHA1
595313c223c476c94deec29627612cfa680907d0

SHA256
139ea7016943081708bbe1aded37409dcf50aef44586571dc050c8eb934ce0c4

SHA512
7ffe03c2be764cecf00b832680e517439b80475c73a08cfab134a193aae8146a6317f62348a5bab9b467eda74742c5da2f1e6d971b82945331af9e788146ff96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\C5D65487C05B7F29E797CA17C7A72CE082475581

Filesize
87KB

MD5
a89d1e4241ce9311c39b29ac49f4fa0b

SHA1
34c65fe3fe912da147908ec12ee90c63bba11960

SHA256
7e6b32015f966e1faf2215fe9090bd8ebc393e5d88f6cfb4edc0c2388d2444d9

SHA512
ad8ebd79db3b0fa613af6ec5f62c0ee6241eb2bc75f2d3e0194c645e38764e239f991ed08886928d6f5e04c1f5691a2b2a59e659445cac958e53df17012cd917

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\D075C1131320B20966F5F83D4EBCAB58E1E8A47F

Filesize
188KB

MD5
4f00a4d972e9a311ab1ed1f439936410

SHA1
67b0e3e2ffa262cc310500eaffa44dc8b13d61bd

SHA256
ced3af033c144022f2d0e45bb24c01f0927ce6d425c97d689c8aeeefe6bf89b7

SHA512
e7ecced68b6d0f80a172c7ff27b718a04e290a721e7cc24e769221531e3c017b3b36a9081f0dbb1a630d50631e29fa19dcf555f579eab96c18727709f064a11e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\D4C96039C30CCE23D93679E26FFD9636D963E733

Filesize
186KB

MD5
b333410fe1c4c12390ce4e0eeea70382

SHA1
685e7c2ae629a22ff02b405cf81d0ae125597679

SHA256
fa1c5bcea17ce1ce4e7509f529acebcf69cab8b34ca4cf85829a89c07ec2d6f2

SHA512
75d946bc40c0707f6cb15698b228b3abf2116d2505e7bc0c8abb6d524018ac5a97022775f48e203291c7ba8425358a7e4f0bb18d9cf02101167dc0e7cdad3b0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\DC6CB4D23713E5F558FEB0D8FBE338CC7797A724

Filesize
71KB

MD5
de391ddddd13e201881742d72305a467

SHA1
7c49834df54167d2eb9da9d05754de4fed7e723a

SHA256
f1178702d4b2bee284811bff5019482995669ccb51a520698871d0bc5d33dbab

SHA512
5afedc0a1248ac35dd0880c2877118e849077eb64fc83d7303d3aa660808576ce185026fa5714af7d3386070e392757ceaa514bed07612327ec78316fdb89503

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\DE46EE04856B06593A3188BEC9AD0D09C978916B

Filesize
71KB

MD5
237b9fed1cae808bf4e008a62743337a

SHA1
7edb4dfcd6189b4e11295f86f8734d06ddcb9e25

SHA256
799de5ac910501b0a72068539dd848e846d188e64c3d33e3e56a03b9c76c0cdb

SHA512
49b2fdc01a3eba8d2b88215452beff54e9738402a481897036bb12f85b84f6bd826c55e2d412be36010cdaf30bb0719af39b01b82898853189057674b345e0d2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\EFD38084DF453526467DE817FA4BB9F05B5EC2DB

Filesize
92KB

MD5
6418563de91b45da91c4d61fccacb8a8

SHA1
9d148b92cb998cc60092d03c265db561a64c81f0

SHA256
d9fbfa7e0797930a2abfe58500c3e2a7d2dee6b7b732fe0025a9714f117fffbd

SHA512
b5d0eb4559a6e97c203f31a23a318d74d46cce5af186167c7fe34c50f6cdd9c1c2ecaa0cafc085ab5286d46b6d90aec06503a732120fcdd4323c4ba2caeec0c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\F1C49281349CA1EDCC1827D26710CF46014642CC

Filesize
168KB

MD5
c280d12151703b1b57c5cfb567d32918

SHA1
17bfe509091c8b9d4dbdae819081aa34cd58f949

SHA256
683d5c0aaca61d39e78562c99fb00ea2ff5e6fb931ca060f1d1c4703eb9f9d60

SHA512
6299e9ea9037f8c2d27b33455dd506f31d0565f455653534b3882db8c062e69d43d3e3f374bbadfd27f5aed025a29e0dfffe95e326819bc7dd85228c85ecab7a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\F730D11495533A63F19CF13DD76E564F0829AFB9

Filesize
13KB

MD5
02e4d84abf34e7ba4d78a0ea840eb64f

SHA1
f853849bb3a8357b9649d5c7a5d2b52fc2e055b3

SHA256
9a33a2f7a28a6e752e68e3166fda068483c8ad255f331818630388b6c21d9e10

SHA512
88f964619e7b05b00bf1a13bbec14dc7c9d569bb35534667802d0cab5766c8805a8259640f7ef653a883232b6dfe2ccdcccf8dd1504b9c7c524bd38f57a4ce84

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\FAF7831283380F406773DEB9DBB542CE25BEBDF3

Filesize
72KB

MD5
40e17f0d969f3045b7d45207285a1512

SHA1
aab89fa60ba26126355bdc4c1fb334b6310c5df3

SHA256
a923d567c98b1ef68c64228866ef366cd128b686429b5d76ab68a570442f4eda

SHA512
9b4535a835c5b8094647493075ba1046f96c946780449943105fdafb1869782ffd045da08942923b423c50fbcfbf2878b56a37ed1c77bc80defe61e8d4b08dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
5.1MB

MD5
abdc1b00469ef7b2d84d8aa9d02f968d

SHA1
bab1b3ff99eba73a0a703fccee0d89854d2f5aa1

SHA256
f4a2e0b3fc325ffb40d33e797e1f538cdb514a94e6f3bc7ffa6530e21d459c6f

SHA512
e19254a85f30ebb2eccdc2a8a4a92ceb9282631a32f6afae66594627c79658b52ddabcaabdea1c4cdfac61d03d89ffaa152b803c8917d21edfb29f988ffadbbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
75ccf0d9a577a3e065cbd5058d01adcc

SHA1
32f58a543baffd12445902990e633cdfc510a727

SHA256
01b8ae46501b192f386532d33ab89efc227cea4722337e293e6ab8b0a9e0ee1d

SHA512
6f467f1f56e35218e2df007a75494ae54255dd6738080b55c417e7103a6bb67ee8b6ff3a91756bbe3dddfe1e8999310b72325e77aab17843293342f247a0cce2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\datareporting\glean\pending_pings\c5d73127-0a71-4da5-bfc9-5e266e732c1b

Filesize
10KB

MD5
28a90f18ab97fa6b15c55f8530623edc

SHA1
6bc7c25fd2b53f2570c278ef40ece6ff0eb43f14

SHA256
1f9aba59bcf568a642221a727048c9d2e476edc7265e95addbdc452474209c49

SHA512
5a9d01b30a5efc89378a3bc7b80ac72e6dc1e8c6011705934c3982d68694e03694d2031d5e159c576ac756a974b5a0360216a736674e361b9a1b646568d32b48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\datareporting\glean\pending_pings\d0f8da39-65e2-40ac-b8f2-65e052d9f1c7

Filesize
746B

MD5
9accb287da2b471ba759644afc4f8775

SHA1
5d3548ad2487560f137d4df25dcc0fad79b26e60

SHA256
7295bb915db1e5ee1367ab09054c895ea9c059d75adcdf140221be2ba8574734

SHA512
c5e9f580adad14f185568b2e51254da2e464377116010c84a3ed7e7db7312211916e1737663c1799477c5220358ad373f11f5fca0960fd384d15e01e160449f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\prefs-1.js

Filesize
6KB

MD5
477288003de7c46c41b2a23f07e717da

SHA1
ed1ff07c0b31c3dab7bd01cc24001205b93f305a

SHA256
b7cd2e9b1d022a2caf81c750995c47e6a4fec9279b171f2e98113a481a472fe6

SHA512
5b6d161549d524e6ded27e6549d7c6c144ff88a51fc88127b499df12ad416268bb46fce98662f867c10fd8151affd9d77ac171542f76fcebb18502787977ec44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\prefs-1.js

Filesize
6KB

MD5
17a0845a82461af30f34bb3cf6a001c0

SHA1
786937fe03e05ec0f14dbea6149e45d1892769e7

SHA256
e5ed7842de7fd4c7ce51ab61ffebd0f8fc48e76f5f9b050399633dbc0cc77186

SHA512
6b72a89b667575a9f32ecb0efe0e3eab29162e64ed423e0e4242514d9ad6c4ee015aa966cdbf12eacda88e6bb2d3f481dec36900d7eef40c8fffbcb6c702862b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
3056dbd6dc2bc902b42f381f7657a913

SHA1
15ac3fabc550dc82077fce72a008c1e7ef3caad0

SHA256
9600e23bf8095fb4955dc12ad47c56c5d2ec89f29f0a3e7a22a3a148ddadd0fa

SHA512
d9b3d7de5881821bdd24131b2b6bd8233060fe5c11e8d3eec5d14da83c848d6e050fd6763e90d29adc145b980356f7ad84bcc8080c3da40fea5afe3ab9d9697b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
c9cf014fb4a277e884c89fb0ddb34141

SHA1
586262139eb9084d7a7bb2db8745fddcf8215fce

SHA256
d465073106d9a703b234991e813c547d90ccf4857465b104e76da756f9bb8186

SHA512
4bfd716f9efe7cd65111e1b2c64ef0bb205d35e79edbc5cb87cceeb6aade4fa8de5694bf317e46e9a8f3ae83055144451fb184cdccd4b28ee655e6eb1ab4e46f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
90777f368a87c100217d4bcce0addcaf

SHA1
db398b7fc94cdd3af86704309555fc775ceb1de5

SHA256
d377be74cd14e519ad468b485a875ea6df35f091832d1c0c2c1032a9d67091ba

SHA512
4771614c276b57dd7a71a08f609a8b288ffb10b0cba05b57b3523dbe0cf182d814a89e196dadd72cec910d528af3fdf37bc08bb80ef835b585edc9fbaf2005fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
162cbabcb817bb8328a80188c5f1a1d2

SHA1
d9da7325e22a6cee7bedfac454dd00d7a75e3969

SHA256
e177c6dc7841e931610cae35b423de0bc76dea67518c3442ebbe52370c244911

SHA512
bf9bd579ebabc95a7d9bbdf4e8c39d57a2b25069b74a604b8aea1951bea1b1298f80fbfa5c9f1867369dbf53cc82a5c436362a071f0fb22c7f89d6b321d7130c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
16fd0b758b4a0a47ff93df8ddde3ac75

SHA1
eb1ece5efe6519992ceb826ac2b74ab33234cb1e

SHA256
df190394b93b692df76a77124cc1cd8fdea37465a20006f9e79531ca3a349ff2

SHA512
f9c777765df4f29d054bec4acbb1c7060f1d5a46522e2cddea2a1116317d0cb997f6d6a64f39a78e1a25d7f4d4f1262c6df5231f6ca41e4617937992d7f3b8f4

Download Submit
C:\Users\Admin\Downloads\Babylon 1.5.1.0(1)\Babylon 1.5.1.0\keynote test.exe

Filesize
727KB

MD5
41473f54470c164d4779e00cf579d2e2

SHA1
8775195eb40fe7b8c9381822a177abea2c81e401

SHA256
3facb27da1e7ed69a7f3b4c6e350c114d1f7c8c582da5e93b7c6bb078e1a6f38

SHA512
9c6bb2a7c1b180f12072e51100778dadb7c3582e96638cda9417d17ccc20cc014e6aab061583198a10b027a1ad7561ec78ad8d88f4eaca77d7d2194c428b99d0

Download Submit
C:\Users\Admin\Downloads\Babylon 1.5.1.0(1)\Babylon 1.5.1.0\upx.exe

Filesize
298KB

MD5
e9eacbb7ab4b3f66019e0a2f13a1dba9

SHA1
ae30894b29e52bf04afc4a54795d438fb910acff

SHA256
0c3dc789d0a46493bd097526b920d913d930d96b1052cb331eec3ac560c89996

SHA512
925445d20c93c65a282fc59f773551d824bff1f8e2623fd8ea0c587831a9550c400f121defb3d82c8f0401903fa69e3154dc98e29688d02af1d5d01247914a06

Download Submit
memory/2708-765-0x00000000008F0000-0x0000000000F1E000-memory.dmp

Filesize
6.2MB

Download
memory/2708-773-0x0000000005A90000-0x0000000005AA0000-memory.dmp

Filesize
64KB

Download
memory/2708-768-0x0000000007F90000-0x0000000008022000-memory.dmp

Filesize
584KB

Download
memory/2708-769-0x0000000007F10000-0x0000000007F1A000-memory.dmp

Filesize
40KB

Download
memory/2708-770-0x0000000008160000-0x00000000081CC000-memory.dmp

Filesize
432KB

Download
memory/2708-771-0x0000000008210000-0x000000000822E000-memory.dmp

Filesize
120KB

Download
memory/2708-772-0x000000000A600000-0x000000000A69C000-memory.dmp

Filesize
624KB

Download
memory/2708-767-0x00000000083F0000-0x00000000088EE000-memory.dmp

Filesize
5.0MB

Download
memory/2708-779-0x0000000005A90000-0x0000000005AA0000-memory.dmp

Filesize
64KB

Download
memory/2708-766-0x0000000005A90000-0x0000000005AA0000-memory.dmp

Filesize
64KB

Download
memory/2708-797-0x0000000073390000-0x0000000073A7E000-memory.dmp

Filesize
6.9MB

Download
memory/2708-764-0x0000000073390000-0x0000000073A7E000-memory.dmp

Filesize
6.9MB

Download
memory/2708-787-0x0000000073390000-0x0000000073A7E000-memory.dmp

Filesize
6.9MB

Download
memory/2708-795-0x0000000005A90000-0x0000000005AA0000-memory.dmp

Filesize
64KB

Download
memory/3180-794-0x0000000000400000-0x000000000059C000-memory.dmp

Filesize
1.6MB

Download
memory/3180-789-0x0000000000400000-0x000000000059C000-memory.dmp

Filesize
1.6MB

Download