e1b3ae8fc890c6588e5656f77ef2747ae7ddfc90b6530b240c0c5b9d0ab3ce8c

Analysis

max time kernel
1584s
max time network
1591s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
11-04-2024 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dolphin-x64-5.0.exe
Size

18.4MB
MD5

eca48982effad82616f206f52336fe4b
SHA1

4d88af3572de650b0b7dccd92dc8de5854edfae6
SHA256

e1b3ae8fc890c6588e5656f77ef2747ae7ddfc90b6530b240c0c5b9d0ab3ce8c
SHA512

778755b2d12c703a2954882a4d333b7cb61ee7ed0482b5cb14c1cbc4b90c8b65f308944a2f9369a89fc54d163c613efc65adf70316c08d447183f65637fcb557
SSDEEP

393216:Y1qyjt4rPX8zs3XxdbHNemtqa7JhnurHTl0WcS4ENyQ4p9Jmm+:Y1qyZePX8khdbtecqa7JhnurHirhENys

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
192	DXSETUP.exe
6192	vc_redist.x64.exe
5800	vc_redist.x64.exe

Loads dropped DLL 64 IoCs

pid	Process
5028	dolphin-x64-5.0.exe
192	DXSETUP.exe
192	DXSETUP.exe
192	DXSETUP.exe
192	DXSETUP.exe
5800	vc_redist.x64.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe
5028	dolphin-x64-5.0.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SETCCF0.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SETCCF0.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\xinput1_3.dll	DXSETUP.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Dolphin\Sys\GameSettings\G2X.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GL8.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GWWP01.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\RT4.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Languages\ko\dolphin-emu.mo	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GUP.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GPE.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\SK4.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\SNY.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GLO.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\SVT.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GAN.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\E6X.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GC7.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GKY.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\JAE.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\WLE.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\SHW.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\RNHE41.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\RZDJ01.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GXM.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\RPJ.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\G2MEAB.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GTS.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\NAN.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\WHW.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GBLPGL.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\S2I.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\Shaders\Anaglyph\dubois.glsl	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GK7.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GIG.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\EAO.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\G2M.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GK4E01.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\SBV.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\E57.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\WPS.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GMSE01.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GW7.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GW8.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\JEC.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GFEE01.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GLN.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GRNE52.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\E63.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\RUC.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GOO.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GCA.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GWB.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\RBQ.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\RBX.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GUZ.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\RTR.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\Shaders\posterize.glsl	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GDTE69.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\F.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GSS.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\RSF.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\Themes\Clean Blue\[email protected]	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\GGY.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\WLN.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\SUK.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\WCH.ini	dolphin-x64-5.0.exe
File created	C:\Program Files\Dolphin\Sys\GameSettings\G3E.ini	dolphin-x64-5.0.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DXError.log	DXSETUP.exe
File opened for modification	C:\Windows\Logs\DirectX.log	DXSETUP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeBackupPrivilege	1988	vssvc.exe
Token: SeRestorePrivilege	1988	vssvc.exe
Token: SeAuditPrivilege	1988	vssvc.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeBackupPrivilege	5332	srtasks.exe
Token: SeRestorePrivilege	5332	srtasks.exe
Token: SeSecurityPrivilege	5332	srtasks.exe
Token: SeTakeOwnershipPrivilege	5332	srtasks.exe
Token: SeBackupPrivilege	5332	srtasks.exe
Token: SeRestorePrivilege	5332	srtasks.exe
Token: SeSecurityPrivilege	5332	srtasks.exe
Token: SeTakeOwnershipPrivilege	5332	srtasks.exe
Token: 33	5472	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5472	AUDIODG.EXE
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4348	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 192	5028	dolphin-x64-5.0.exe	75
PID 5028 wrote to memory of 192	5028	dolphin-x64-5.0.exe	75
PID 5028 wrote to memory of 192	5028	dolphin-x64-5.0.exe	75
PID 4492 wrote to memory of 4348	4492	firefox.exe	82
PID 4492 wrote to memory of 4348	4492	firefox.exe	82
PID 4492 wrote to memory of 4348	4492	firefox.exe	82
PID 4492 wrote to memory of 4348	4492	firefox.exe	82
PID 4492 wrote to memory of 4348	4492	firefox.exe	82
PID 4492 wrote to memory of 4348	4492	firefox.exe	82
PID 4492 wrote to memory of 4348	4492	firefox.exe	82
PID 4492 wrote to memory of 4348	4492	firefox.exe	82
PID 4492 wrote to memory of 4348	4492	firefox.exe	82
PID 4492 wrote to memory of 4348	4492	firefox.exe	82
PID 4492 wrote to memory of 4348	4492	firefox.exe	82
PID 4348 wrote to memory of 2040	4348	firefox.exe	83
PID 4348 wrote to memory of 2040	4348	firefox.exe	83
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84
PID 4348 wrote to memory of 4556	4348	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\dolphin-x64-5.0.exe
"C:\Users\Admin\AppData\Local\Temp\dolphin-x64-5.0.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Users\Admin\AppData\Local\Temp\dxredist\DXSETUP.exe
  "C:\Users\Admin\AppData\Local\Temp\dxredist\DXSETUP.exe" /silent
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  PID:192
- C:\Users\Admin\AppData\Local\Temp\vcredist\vc_redist.x64.exe
  "C:\Users\Admin\AppData\Local\Temp\vcredist\vc_redist.x64.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  PID:6192
- - C:\Users\Admin\AppData\Local\Temp\vcredist\vc_redist.x64.exe
    "C:\Users\Admin\AppData\Local\Temp\vcredist\vc_redist.x64.exe" /install /quiet /norestart -burn.unelevated BurnPipe.{84449FDC-D77F-46CE-9AFB-BE0906632897} {3A21B8AC-7B93-421C-96DC-F26FEDCB9394} 6192
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5800

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.0.1498117128\2063836515" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb4d4fdd-8023-4fdf-8cfb-2a5acb7c62e8} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 1784 1d6ec5d9d58 gpu
    3⤵
    PID:2040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.1.1730960441\1435709567" -parentBuildID 20221007134813 -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {556aaea6-c23f-424d-ad4f-d03db9bff29b} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 2128 1d6ebf30b58 socket
    3⤵
    PID:4556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.2.1646870695\1575130053" -childID 1 -isForBrowser -prefsHandle 2844 -prefMapHandle 2840 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0423c797-e119-4213-8c58-3b037d03fc6b} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 2856 1d6f0798058 tab
    3⤵
    PID:2384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.3.2004664577\2121204203" -childID 2 -isForBrowser -prefsHandle 3224 -prefMapHandle 1020 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7821a40-4d34-4aa3-bb20-6e43b908196e} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 3236 1d6e136a858 tab
    3⤵
    PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.4.516480773\1513265875" -childID 3 -isForBrowser -prefsHandle 3876 -prefMapHandle 3928 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21d3d636-4dd1-45e2-bcf3-3531f9394080} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4108 1d6f19e7658 tab
    3⤵
    PID:2328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.5.430435525\221224269" -childID 4 -isForBrowser -prefsHandle 1020 -prefMapHandle 2656 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba223335-6185-4192-86fb-634113ae6c93} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4992 1d6e1361058 tab
    3⤵
    PID:4544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.6.1376428863\374997911" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4980 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ddd4dac-c635-4839-9f54-389735be27ae} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 5168 1d6f074ea58 tab
    3⤵
    PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.7.497500732\24746288" -childID 6 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4e2d8a7-16d0-4b6e-9fe9-6c7bb0974ed3} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 5392 1d6f36ed158 tab
    3⤵
    PID:2344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.8.698077074\615373705" -childID 7 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {926f69c6-00f2-4db9-9b9b-78fc1b6fef8e} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4920 1d6f0b0db58 tab
    3⤵
    PID:6832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.9.747126955\1260898674" -childID 8 -isForBrowser -prefsHandle 4160 -prefMapHandle 1552 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6253655-134e-4f41-abb1-9c984c2d4274} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4052 1d6f2452958 tab
    3⤵
    PID:6672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.10.1613604701\1259077657" -childID 9 -isForBrowser -prefsHandle 5748 -prefMapHandle 5744 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {370f9060-e670-4cf1-ac85-13e9a2cbb95a} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 5756 1d6e1363558 tab
    3⤵
    PID:6508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.11.1791854593\245864976" -parentBuildID 20221007134813 -prefsHandle 5904 -prefMapHandle 5908 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f16fe63f-409e-4052-9798-bffe3a8b3914} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 5896 1d6edd16e58 rdd
    3⤵
    PID:6384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.12.2089341626\1999152688" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6124 -prefMapHandle 6120 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b411ef8-ee3a-445e-bd32-bcd59bd4f1fe} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 6132 1d6f46eb458 utility
    3⤵
    PID:6160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:5184

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Dolphin\Dolphin.exe

Filesize
14.9MB

MD5
9660ec7cddf093a1807cb25fe0946b8e

SHA1
5986661c62d689380476db238d7c18fa37d1b616

SHA256
19d5c382204d7e40a764e116967aec610f502b9be60b9d3b095073827aa93c66

SHA512
5213c828d4f0742c3cde59ceea7b111a1402779602f09fa5e898083b07f2860bb33119f97741bc049fefc0cd745879d22a12dc37ece8e0dd8b308dcc84079755

Download Submit
C:\Program Files\Dolphin\Languages\it\dolphin-emu.mo

Filesize
121KB

MD5
f00a5461ba0b2c95f801923fef70c266

SHA1
f7717e3f341e1b56c46407df643d4ac6dcc09885

SHA256
19c8af2231c12fe7969e63595f818baf9421542d1e4f3ea64ac2ff79352a6f12

SHA512
a9977db27df94510bc75ee961924804c59c0005b9bc9b8961d63b01359c72920a6a6f0f3b014c715f3b0c4208038deb65f114f83dee157422dc035b84a267315

Download Submit
C:\Program Files\Dolphin\Sys\Resources\toolbar_debugger_step_over.png

Filesize
988B

MD5
926a446e9de7d51c34ae548673386417

SHA1
5a0a2666b270eca354f1632de8f98fc966864d08

SHA256
85f27cf7d073c5931530c102d4c39ff731a3eb30c67d506c6626b0ad72f26539

SHA512
d5117a0a76c22b06aa91f7586f866387ad74b4962e569cab64d6abeb83d701c8b66331dc6193478f36faef616a95f404cb15a7a0b0b86f863c93ab09f908ea53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\16000

Filesize
9KB

MD5
e4e9d83a3547cf1527c4b1c7fff7fd3a

SHA1
bf47be05cb67d731e39ff92f25066b16e19e8697

SHA256
0114a3be300510fa40e27c6c7debd3d3f3d1b5a65d46b2bba27718b22418b9be

SHA512
5c0795ba301b514b1d066e525977354d8ce5e25ec8d73867a65c11968d99d025a090972033bce0d433927122bd21b81c7674e61a9434b6bc0744d294a8c56f86

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
a3355732008e658b0c2b37ee13c57631

SHA1
87f5ef38bbf875072bbdd08f38ff6bd0c0ee593b

SHA256
71d8ac280bd9fd702f09e84f5ebfd1a2441ace1350284418501e21c41c5bcbe9

SHA512
b17f9f0ff131d1c36a1ad5c159525764126b9437beb900e45b455be171f3180152e6ee45ff06c5d37aa60075ca08a8139c644fbfc2bc7c6ea8019628ff497e62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXC9D3.tmp\apr2007_xinput_x64.inf

Filesize
860B

MD5
94563a3b9affb41d2bfd41a94b81e08d

SHA1
17cad981ef428e132aa1d571e0c77091e750e0dd

SHA256
0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8

SHA512
53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXC9D3.tmp\apr2007_xinput_x86.inf

Filesize
1KB

MD5
e188f534500688cec2e894d3533997b4

SHA1
f073f8515b94cb23b703ab5cdb3a5cfcc10b3333

SHA256
1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5

SHA512
332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXC9D3.tmp\dxupdate.dll

Filesize
173KB

MD5
7ed554b08e5b69578f9de012822c39c9

SHA1
036d04513e134786b4758def5aff83d19bf50c6e

SHA256
fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

SHA512
7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXC9D3.tmp\dxupdate.inf

Filesize
12KB

MD5
e6a74342f328afa559d5b0544e113571

SHA1
a08b053dfd061391942d359c70f9dd406a968b7d

SHA256
93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca

SHA512
1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXC9D3.tmp\xinput1_3.dll

Filesize
79KB

MD5
77f595dee5ffacea72b135b1fce1312e

SHA1
d2a710b332de3ef7a576e0aed27b0ae66892b7e9

SHA256
8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7

SHA512
a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

Download Submit
C:\Users\Admin\AppData\Local\Temp\dxredist\Apr2007_xinput_x64.cab

Filesize
94KB

MD5
743b333c2db3d4cf190fb39c29f3c346

SHA1
26b3616d7321978bd45656391a75ee231196a4a2

SHA256
e7a09f8235cc587cc63f583e39fbc75008d9677c8bb4dcc11cb8d0178a5153ac

SHA512
77fbdb86c79d7228bca2982a3285a417a365af980488a5ac2d470b532fa59fcc15e0e8dbee6eb1a3a5256fc29e0e3391529cd2ac13e0f72987ee0da136000957

Download Submit
C:\Users\Admin\AppData\Local\Temp\dxredist\Apr2007_xinput_x86.cab

Filesize
52KB

MD5
c234df417c9b12e2d31c7fd1e17e4786

SHA1
92f32e74944e5166db72d3bfe8e6401d9f7521dd

SHA256
2acea6c8b9f6f7f89ec51365a1e49fbd0d8c42c53418bd0783dbf3f74a744e6d

SHA512
6cbae19794533ad9401f92b10bd9549638ba20ce38375de4f9d0e20af20d78819e46856151cc6818325af9ac774b8128e18fbebd2da5da4efbd417fc2af51dab

Download Submit
C:\Users\Admin\AppData\Local\Temp\dxredist\DXSETUP.exe

Filesize
505KB

MD5
bf3f290275c21bdd3951955c9c3cf32c

SHA1
9fd00f3bb8a870112dae464f555fcd5e7f9200c0

SHA256
8f47d7121ef6532ad9ad9901e44e237f5c30448b752028c58a9d19521414e40d

SHA512
d2c354ee8b6977d01f23c6d2bb4977812bf653eae25e7a75a7d0a36b588c89fcdbdc2a8087c24d6ff687afebd086d4b7d0c92203ce39691b21dab71eafd1d249

Download Submit
C:\Users\Admin\AppData\Local\Temp\dxredist\dxupdate.cab

Filesize
94KB

MD5
d495680aba28caafc4c071a6d0fe55ac

SHA1
5885ece90970eb10b6b95d6c52d934674835929e

SHA256
e18a5404b612e88fa8b403c9b33f064c0a89528db7ef9a79aa116908d0e6afed

SHA512
a25c647678661473b99462d7433c1d05af54823d404476e35315c11c93b3f5ece92c912560af0d9efe8f07e36ae68594362d73abf5d5de409a3f0a146fe31a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbD5B1.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbD5B1.tmp\ioSpecial.ini

Filesize
519B

MD5
ed68fef503e948382cfb000931ba9a21

SHA1
12ddcc8ac53ca746460d22b4078fbc33ca7e929c

SHA256
90107cb18389ca0e753c38133de5ea1cee6feed7575994c780e08b0757d1f7a7

SHA512
03e538b88b163a7ffe134a35bc84b8fd2c9dd5a19ed0dbd3712708067cf83aa73bf066527e22273535a8b1797923463f5cc9f162d5a9bad7a4da7a1043ff4353

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\vcredist\vc_redist.x64.exe

Filesize
14.1MB

MD5
883c499d04c145a69622f7658e353265

SHA1
bb64084762abd4a06b2fddd16f0092860bc3043f

SHA256
df58f4aa566a10776c864c1007e0ac0987835fa1e9f7445bed8ba21a9101d414

SHA512
ce840c9420e928c9da6c30c3cd97eeb047d34ee7046b8cfcd20b512fbddfe885329ab4db3ca53f7094bf1caeb600c834cb2db10797ceade859c21786144206c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
b99f9db2e78b8db3729f4a457a671c9d

SHA1
dbdf9b2a9fca4489b4da9ace245d8ad66621837a

SHA256
294cccfb2c73d0d8436d6814b2a99e6ca8dbdb22836de4b8b56b40869c0942b9

SHA512
81388e190a62fcf8363afe9f3ba0d6897a8dd6f015b7b4facab4b19ee5f328be25b196f13962ac1fcf128e4c74bd5aeaae194a070780e895a55ab06568d36da6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\SiteSecurityServiceState.txt

Filesize
623B

MD5
209013a6dce65bfa8b0f60b2d475117f

SHA1
927d0c853785c582f2a87ab3cd347458ae6f9323

SHA256
fe1928f8621fd9160f0097a07650c69adef00626316418991c8c910d96123743

SHA512
ba2a159c66d5f7a4d4e24b16bd43853ebb79707d87c05f6ff70d3003069d69be55f4f0054418fe7eaaa826cc2d9c474e05a1cde9d9ed2922a552ebf4da135d18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\bookmarkbackups\bookmarks-2024-04-11_11_fHex2gcaYrcM3bB6rAfVHg==.jsonlz4

Filesize
941B

MD5
06d87d126355fd690e457ce18b4778f7

SHA1
3de1658c09f3729a9ef1e86d20a4379192b125b3

SHA256
d7f1acf55995a0c37cee175af46bd974fa2bb09f2905e9001aeaf604166b7294

SHA512
78ea844adc923e9d7383c4c2c2566aa99097542d69ad04655398dae6ae4e7b9b63037c5c5a7776e939f6337f216e5e906fac5f3faef5bdad8302b117ee653eb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

Filesize
18KB

MD5
43faff5f87cc4fb34e0e049f8324790d

SHA1
649a47828fa3f15cb8c6b7201bc3f58b3a907466

SHA256
ba7f4547ad12f02e6b278b24979ceceb27f54758fca05dd9d31e32cb9cb6e7b3

SHA512
79f065bf8c1d4b287875aaf5e80c788c7f103319302026578a7e4644464572f532836190d9471ecd66a254eb10476b51f4c9bd6db36f761f5616bf23953c528d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

Filesize
19KB

MD5
8aefb52ecbbe8f57f9dc7741d7c23ece

SHA1
04bca66100bc7a58748e4b4a357eaa1a8d5cfd14

SHA256
b6fc94c14db8622d5f9bd2665edfeda487cf46ef27ca1191f6f54b6a19f39471

SHA512
c2b1e3a029747b5a7555a5588fbe05fe370430616ac38642b97073e1057295d3e5dc8766c9126dfcd24be320181d22b718881c8b93058dd7d0dc10574ada8438

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f96b114bfa8046a219c5e2494a932f81

SHA1
3499f24e923e9c4a8249e5a691c7080f8e973e32

SHA256
de6993313e8662c6ad1577725540921ed29d839bc4ae0f07a747d78e91cac98d

SHA512
f2e9e6a4ede9024d1bf3e5e94baa5341d41ec026ba6a83444c8366a13b941001acba2049a27a4b702ddd59450a8266b7623194cecd7bceae234c8bf1bc5a7d8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\30afe2f1-8c9a-467a-b084-5c7906e326b0

Filesize
746B

MD5
78378eeb1a6a150fc83a23a1270e2b34

SHA1
ff41994a420355fc3ac7314a95bccbc1af50dced

SHA256
277f8f082ff924e0e15865d7f76e6393546c2b70415152c0a71be93ff14e5e75

SHA512
cd55dbf2cb72fbb3fd6791a411a0b71c6c3341a60594952f00c71ce0d5053267a213d8067bf9cf39f9fc9ab9b42fe8d3a5810e95754b5e6e14d9c151f3217874

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\3162d65c-5faa-4841-a7fb-1821d930d5f8

Filesize
10KB

MD5
ce602d650b249aecdc1b298be3c10d40

SHA1
ad9b22e2826faf565b6ecff990774f7c3e7afc38

SHA256
5aeaec2cf027c5bee83beeae9705ac84202690b7f1ab8be2b5ac839a7ed8149b

SHA512
a8616e3a7ae1f7fcb02052921bcdce8b4d91466f9482963c6a69de150ad9213db0e0b493f587d454c41ee0fba70241f6a91ba40d901119fce9e21db256aafa63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\36cfc9d6-49fb-420f-b4f2-ece4f7433aa8

Filesize
595B

MD5
54edcdd3596bcdcdd830eb76eb4f8de3

SHA1
cc9f710e2551fb238ee813baa5c0e34a99c8b8f4

SHA256
a5046028f1bdd0a646a6d9fc572826fa8a72ee8d1f8429fa0028fa3abb0bd0ad

SHA512
524c471b0383965ef9c0070f04076f9ed4b87b7842b5e6e2826531c06ff5b42666efcbbfd9cb7ceaec60ae0aba17233136a9bf23af002aadd15f0cb2a4d0aff6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\3c9a838c-4925-4ce6-a8c0-9077eaf08a70

Filesize
728B

MD5
43ad59bbf308b403150460f46c2667b2

SHA1
ef84c224b90d57bc8d9aef6a2242d95952e6c54b

SHA256
a95521b5cae2aa3c6bd15bca076e0e1366dd05bab6a2addd7706083a519738a2

SHA512
e1db6567a296c6cdc59960751e7689a6b62996f9682f5572712c3cf10ed1061615c9b809cbab1690009ebc5e15ae1cc1ef6142d2ae69d4279ae90830f1710893

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\61024151-fd81-416e-bcaf-5fdb4a5a71bc

Filesize
728B

MD5
8938850258ddd9ab1288f2705dd4b652

SHA1
321f2d07a11dd42ada12d4338bf1141c55203da0

SHA256
2b7d15789aa46e56f80884e4448ab9c071aa2dfe37e37d24b309ec2749512037

SHA512
e71928c2f8b5ff3b24adab07e3fb989815d3c2b05cba308a3cff121822f42071304c2609a8d103340deddb54db90d1e4c176da00a343505643a544217db8c6b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\75f577e9-c59a-47ea-8a27-0160d877cdad

Filesize
855B

MD5
6c8020547f60988cd773b9fb4b041d69

SHA1
b50d3f27759b81ea9f12f10ba6d818ec34eaa400

SHA256
fa5999ae23956a1d670db2497385f5fadc60b06a2d15881db9a779e813a441bf

SHA512
c45fb0d6d289586e46d347631eb2564a8387258dfdaf53715db11832ee4c301baa712e56166ea2af03da58c51aa5b7193be290df745005c9240b60533c20bdba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\d984fb36-abdc-48b0-88f0-4d3602b8ea43

Filesize
1009B

MD5
24578dc4198ef3c0c797f590728d8846

SHA1
d8c670e50e569eb0ac7e2b707fb83dd2d0b1c6bd

SHA256
2afbbf1dc137b92147a00d21389316509bc3111ed764e574909902b5f2341b5e

SHA512
6449dd5026c0d82a84bb8e5c9e908c8946bd57f1ee1961451fc4f6f385f2b6545c124118c4deb40f5785a5fcc5b003b6e062b9f850bdb7e0b98895ae795f0af3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\extensions.json

Filesize
36KB

MD5
1aa68313884fec74ee725b3a8b15ced1

SHA1
d451f5695d55c4ae173cb5c2dc4ed9e4ed906434

SHA256
f727b4160ea7660512fc52e0cabaa5a7a605ea9ec5a3f8b543c0fd3a521929e8

SHA512
736723043df7d4f160933189851ea4b326aefaccaa8275e8f6eec6d1086f221f47607fb237b1a6e2dfa7ed3291f1754acaf2b162518d5e28fea1443e0d5ca7c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

Filesize
6KB

MD5
4b7a2a36ddab415caccbfa9412b71f95

SHA1
18fafd6f91ca7e13062e96912928f2ea6dff76a9

SHA256
21baf4520b8bd731f20a2c220c8f85f16f3e6d9a58a450824007bc9a0ca37a3f

SHA512
026d65dd10521b35c2b807762ddcfd7118dad004ced496440bf27901bd4e6eb10dfc07f682f022ae6159717febb97f14d4d8cf6f631cc55843244c8c154c6aef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

Filesize
7KB

MD5
00a0b127729726a2a46765ee6fc02728

SHA1
e9ecfe8fb4e728e56d9d98351733ac53b9a4f442

SHA256
7fdfc7e7cc524d3092e2e21ae1f8bc224dee5aaa8b1a84c16a31cbd059b14162

SHA512
7c6cfd6b386c71db9a97a8e278b255e705e221a97b158fa04b0c2046bcd5977228ef8e6ebfc8d82d21d0eab17e6cf6880b5e2610c0da5ce20c0b172228f5cdc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

Filesize
6KB

MD5
082e5e3b159422a7abe9c8d30a42ba2d

SHA1
4bb74fce4ee457acf9a8b533eaae8fa072685f39

SHA256
b92786a916646fa1dcb09b1c78f1e3eaffc5f8b68fdaa3dad0d4b33a1575f7d6

SHA512
c1ba1a6683ad28563e6b2546bd522f70994963a1229241eb547e1a1f0e713eaf01339f5e7857f972d2adddcd18f44cbdae2ddcf813c336cd735f29404767166b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

Filesize
7KB

MD5
b904c91af24516e64ee7d7261f4996cc

SHA1
fb5b0ddb9395013ca7283ed748dcc6c5cc0a9b32

SHA256
819ade6bdfc8ac9968853fba118dce0d338897c41a6c4e08a1a87dbf4c5afa23

SHA512
a682578b0efeefd816305ccf4be8c4af7985a8974356b200bfadb31b1736cd83e0fe35d3a4b6a7e9e80bbbdfdcea5ecd4ea5128ba95b62566de140a5c249e8fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

Filesize
6KB

MD5
6f7a962a6d57d30f31a53e482c517045

SHA1
5461c7ca2ce07cf17680cba421c14ecab35b514c

SHA256
85d7d562c0c4f04714f078f310b2d9966b30f215492a4e93d83a23b271e3d37d

SHA512
885fcd406aa5921790431d105c7c37884581aa2d384169495ae47d8f016db84eb53f8eac2b3f35ac2e4899659c3f616586d94c5fdf2bcefa8c2b6f6823476131

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

Filesize
6KB

MD5
a544d3a97cc02b65cc83f1c89f39e8b5

SHA1
c7db67c72cb335c68282829560461dc260266ad4

SHA256
7bbc553e41b806984395b7de5cccc27ba15a050e40a0f200a080f507acc7c249

SHA512
452c28d850534593977950ea4f27d8d6f6dedc3f84e9ebb56e7cb6a2177d64a9562c7cad1488f16d786929bfa2f996ceabba5d67de1b6c854a685b836c046892

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

Filesize
7KB

MD5
b77f9f5f8b4150a8a50fbadd0817e9c0

SHA1
0514777136a771197949779f7c2e9e8ff2fbba91

SHA256
6e8985fbdca281e4c1d3f0848dabebd0aa00e509fdaa0b1ba7d1a569158d1b94

SHA512
ecb763375eb8f1c865581824c6a7a347e6385f65aed89a7f7862f8cdb79af21b2cfca0159f8571266f9c770f05f8996dd4079ec4e8712f00f856a2af884512fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
565aa5823553fc3f54423a7cc5d68521

SHA1
00515cc70156cb7fb5606e3913741a8896dc329e

SHA256
8233fece956712d8a3ae24890d7aa970f32cd3c16ca21a423a318caab26c170a

SHA512
6412c6dab8767e8c87b6e75b765d7c51f1e76a6c75864cd6473de2f12ee7b7853d08e359af0fff7114d694e6aeab80594f5d893f100ad0b5175ee834cda94953

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
0fc5ffbbc8906ccfc1994fba038420eb

SHA1
39ba98bb6b27ca2d4e634f8e3b4ee025fcc9bdf2

SHA256
e7d7076be9d59a4bf6c1ec3bc7e9b8f398508cc17b1c32bd711b6228c6f610ca

SHA512
04c0371b8b8fa02ec0822ce9a8efc013688ab39675982e694d71e994b3cac7cc46c16fb116036b7a28f4c10559abb2d033b6a47d26400f9115c15ed486662232

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
e3da6f9e9e0178004b35439de8568f29

SHA1
73a1f80d7af64d79a5481319b4d7d90506d8cd3a

SHA256
fcea71a7569603520d326bbdfa58716e97295a29d9f440799333f5b479bb4072

SHA512
d64a53893e859004fb024100f3484280c1310580aa0866721ffb8ec7c9a8789810a1a17f30cee6dd07c4127dd8fbca52bace9f771e139fe1bb5be419564bfa85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
b9bab1b368f47ebc576a260ccafda4cc

SHA1
ed2f4e72dc5214d87cc86174822a8512f513a36b

SHA256
44fd91c8a07cd38e9e8faa195bcfd78a1059c9f0b51952c8785a4f89a0dc2f5b

SHA512
be8cd2ee6bea3f4ff78bd5aba488ae4784090e0cd91f27c5c0701c61e4aa88553355861e5f041342176b25e1bdcef87d839e3a4044894fbb78397cd8f8bcbc85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
0925c2e77ce6044fac781b48492afb95

SHA1
2c367da14ad827a87a52622cd8f90cdbfd92c1e9

SHA256
937f223e7b965f9b7e3c125d6ffc52116668681174b28a4f362f8dbb0e1e01e3

SHA512
5b109caa7374465c51db5243bd0b77c6736e0becfbc352f7977755b021a5b8a9ba89fa69858f26ca70aabf366bb0b9fbf8aa89cce421a947a4caad23e9de2e11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
42a4ce563334eb6a782516c94f5ab400

SHA1
92388114744445a7309f253117527778e6630771

SHA256
47480975b929e5101f7726034c991cdc0a05e9274bd6a5245e329a053a44817e

SHA512
18e85a05eb10769563347d240e092666b3c7dbffdfef3571f025f95733ee86afe921c2dc1259ab367d388f4b2c59887a79e73b46b252d32b107c213def4a67d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a222fcc53cbc7f3225ee7c985e9e1e7f

SHA1
d6863dbf3e8802bb7d67954053d0c77de18c0229

SHA256
dd1ae62ef2601df1ad11d72395c978890d489aba02f0f22838f06f1c19f0b457

SHA512
305495c0d45358a20ad89a57e3c659d2ca5c2127fa5bf57e583e0dbd61f749f3f676c9370eb2acfda11edaa84e5972074a7ddfea372c7b9e8c25326eed2e659b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
58ead00a8655f1d1914879313d0517b6

SHA1
59ab9763aacf31fd4fe65a0d68bd2d1dc16c6017

SHA256
55ee14c595bfcb681cc15040cfc01441f270b7786dfe74faa2ab3a89560eeb2f

SHA512
678d1ef61bcbe1f26c7c7277ef237b20f78d06d6e0fa84f5b872da02c1d669a5f139433768965733d6c71716b5b6be57f27e17f7574294f58bc86be793a4d5a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
30669387139e65c7805eb8024b191812

SHA1
8796a805c5c4cb934078dc010c67ac90e33e4980

SHA256
bcf70054c14d5c95359fbb5a4fa94cb04ed82adfabb182681f9f2c90d123a867

SHA512
7b21bae89cee164e61f492fe38dcafe8fe7be26c07a22f52a54c0ff8d521e80862dc969f9ffd7ccf6483ebb8702d03cccba4d28f09ed2d1ac755ae9c4c8158c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
e2b45d474668f08c2f10a148e36c078b

SHA1
c0b1d578cbb6d71d14d91ebe327ce6a899036aa4

SHA256
d1d7c31c791cf0fd07d939ea8cabc9d0f1e532f85c83cec967676aaaa2d16b94

SHA512
830664cd6a8fa0f8780e9f0b66c0002a84ff5eec3a81213332527b52c71573cd05059e4e004216aab1d009f3fb116667282dc856d880c526e3420b96ed27d617

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
786ecc7674d80d59669e8ba4443eb29e

SHA1
74ba407073d67aa0950cc2f8ae421f26fd73985e

SHA256
8a4acc7c20281de6e22d17a339383822e56e64edaacb47a9f2f334af4723afd5

SHA512
090d3955be73bce5d5fd179a7768d6f2a8acd0fb58d837fa7b85067762619f12537c9a2e30607a1f4347577a70ea864d780a8563c990f5322850ad1e16d599bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
8a7a2063315406bb499d176974e26f9a

SHA1
7b9fe00a770fa1598c78b337ec7da4cf069eafed

SHA256
6cb16dfd26fe2494c5dfbb7bd93a857899414ab2aa21d19b1fb3014999312bc6

SHA512
c7a67753a85f5199fa2727eb0f0ed9119cc3a6c2aeee945ca42174384bb60c1fe2301784ebe62781233c5fa0430134398bd266ab2af0ff4af2b4d628df707c9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5f1ba5fcd0eabbee6a74e87a71cdf237

SHA1
c8065cbc44ae1ff7bb3c62b2ea316a49d6f6cd5b

SHA256
9c4746165728be8031828d0c8accc2b155c6a359ad500ca24a33ab50920eba5f

SHA512
2d7e106d41c81d3d3d97af7d51c067d4a1aaf5e5145548077e073a8d3656867f38d561f4d1c4b063a89de880d6ea612f26b5d059afbf5f7ad92c55f5f0b14023

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
98f889a38f22891f2af93fe3938419a6

SHA1
ce935b29a87cfcf3ae550d6159552957d0f75682

SHA256
17fc1f6d416c4c0b39bdb1a0d3991568149c711d01b5e937f849b16a76fb2837

SHA512
4b22ce58735788ffe25f1967482e185e05780204edd81689f9a334c3502f3c9defe0d8804e43239b1838e478649ce8cd2326d717087151256bbae0130e103609

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
516d4ba0759ce5f3eb2b74c48c7966d0

SHA1
349da6791ad998341c4007ba4be478dc93de5a87

SHA256
103015591d82ba4cef7595fe67eae2894be588b7e588aff75f68cd224bf0ae04

SHA512
6f13b2d4b15869c346d262857c7691981bd8360c0483c146a6e637daaaac92f808c078081215081b19f6d4052321b98b2dbf583ceeeb74ebb931f88e40682825

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
c93b8992f9d79eb6d742fe21010e885d

SHA1
158d80d2461e0a1f249e005ee3247c032b5bb776

SHA256
1b73af41025c33dc3aae9e1a4d4042b50189175cda5b22f8ad8f8f5545348011

SHA512
46edbb26aca3eeee5e61c81fa37d57462767c6bfdd0629a51e1ec54ad887c0e3ecbcd7ae40271711ee146487ad27a37e32c2b7648cfb83a683e55071f38d6d77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
142190f3672b7644ce089c7ffb610512

SHA1
37c4e73c7b928fb6adf855025730b627af112f19

SHA256
4ba057e68d48ebac8d5331bea69d05c33c48d846321868a638d1f7bef77c6ef7

SHA512
1b1a0037e74508e34a1ab742dc93ae10cbc04a9f60f3eb5e71da72b5b5b89636bb3d3afde66b82ea2288203cd8aaa53c7144904aa38b5d0c710e18ec363343f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
6d61f549847c64dc7c8a691521cf303f

SHA1
aed187efda9636b2fb8d1e452604362518cfdbc7

SHA256
e7b51eb9cb7214314bbf8ed5e597bf65dfa7a6853f23a9c93f7da7546d7094ac

SHA512
1cb090a5b93c293a182514bcc402ab4aeb8086e39ff376f2cf6c4a7e0fe852f4ed91c77cde4d38f10b9899feddd042d57c03682e477e32cf35c78d8cd6b1c641

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.chess.com\idb\3716040262cohcees_smco.sqlite

Filesize
43.0MB

MD5
ed7ecdb024894c55966370ab748e106c

SHA1
4442347ebf80c5c41f2c9d6be6aa691621e1e046

SHA256
61a645f480582d5934ab3388b67a2f00ab050ce16117f2668a4241151fe4ec96

SHA512
607b6cbe3e6f0aa954b2c0e730567a175607f0d7a00b24bf043b0f33c96f154952a114165b90221bb05962f54137b3d5726a4e0b48f3cb7359945d50d179318e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
90ead3eff264284fff59c00d60d2413f

SHA1
4331e98cff245cc27c7ad0b380e8d0c351aba6de

SHA256
f1bddc16efb0bbf8d88471db82b447f66e888b0306ec1a407349644965b3380c

SHA512
ef2e7c381f3376c759ee0f9b6371db984e2bbd45b29c05761e09bb920968ae2fd4269b3853e0c5d52e3dea2b9fcc06ee668f8d20c01a3fa0426d8f4e4aeb710e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\targeting.snapshot.json

Filesize
3KB

MD5
cbe5706bad0e4cb9d24b124e72ac4969

SHA1
e6292c80ff24e43b7b1b92c8e9fbe500eba3d5e7

SHA256
0a996bf8d704c7043795021ad890e7ac4c4596cd49df48270d70d9d75b8aecd2

SHA512
4352301af5f8a16d81c937987c140c33f1f060f1e23ce7a171f83314703b692fbc8720cd5f58fdd11b75207abf880e6656fe4bad1b27e277344977f180442d3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\xulstore.json

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit
C:\Windows\Logs\DXError.log

Filesize
705B

MD5
b405921785c73b36819d4395698c81f3

SHA1
6ae394e774ba6924d95efa7d9e4be888a3edca62

SHA256
ed1d85cdfadae3e5533db211672889eb8dded1cdeebfc02466c3b0639e12e751

SHA512
c16d6d201197afeb6d21fe1d3212c19b204ef4171bd80dfb16da6a4175ba204f3d91711639b46a2842dc16b6f68f1329ef65fd86a2edc2c5d43cd1d7d9090a13

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
474B

MD5
81313881fa6f587eb788eabed97a3ad7

SHA1
10a3852009c81cf1e626ba42c7cde7127e1271a6

SHA256
ab9056212466b05d4bda534e5460b01abb4bb47024bc88d306cfaaa8cf63aed3

SHA512
142928a91e9f57a00853f950dd7fdbcbe742ace200358ecde10767ca9135451028b76bbb8107454f9e44782493a368a5417b04fec193585fd715034d8a56ce56

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
41KB

MD5
d6e4d62f0ed9fa1fcad7ae215d4632e3

SHA1
3d3a569e6cc961da2a1cbbddb6b3206a26745e31

SHA256
71187474712cd4bf2f0902a0eeed19745cbd0168ef04767a580b32d247843fdb

SHA512
88b7b6be0909d02ecf95df81201317b0362b43bd782cd3770b32cac841246b62d21df189a43487fcc30d074e20b8f267f935a4140bfe9ab89fa136376cb21327

Download Submit
\Users\Admin\AppData\Local\Temp\dxredist\DSETUP.dll

Filesize
93KB

MD5
eb701def7d0809e8da765a752ab42be5

SHA1
7897418f0fae737a3ebe4f7954118d71c6c8b426

SHA256
2a61679eeedabf7d0d0ac14e5447486575622d6b7cfa56f136c1576ff96da21f

SHA512
6ff8433c0dadc0e87d18f04289ab6f48624c908acbda506708f5e0f3c9522e9316e587e71f568938067ba9f37f96640b793fdfaa580caedc3bf9873dc221271f

Download Submit
\Users\Admin\AppData\Local\Temp\dxredist\dsetup32.dll

Filesize
1.5MB

MD5
d8fa7bb4fe10251a239ed75055dd6f73

SHA1
76c4bd2d8f359f7689415efc15e3743d35673ae8

SHA256
fb0e534f9b0926e518f1c2980640dfd29f14217cdfa37cf3a0c13349127ed9a8

SHA512
73f633179b1340c1c14d0002b72e44cab1919d0ef174f307e4bfe6de240b0b6ef233e67a8b0a0cd677556865ee7b88c6de152045a580ab9fbf1a50d2db0673b4

Download Submit
\Users\Admin\AppData\Local\Temp\nsbD5B1.tmp\LangDLL.dll

Filesize
5KB

MD5
e447e49175c0db1f27888aede301084f

SHA1
f5946c743265cd8e81f3e7b6376dada57f99877f

SHA256
fd26ef21d72797fedecd3d15f2001cea793383aceb3cee19a5ae2a3d30e197b6

SHA512
e6543bf81bedce94a58f48cd6f9daaec891775e01ff76b771c22d459a778490f9bba0bebbf111b1ca3091b3ca69bca806a9b5e68ce12df03abbaa6ce5c4b7cec

Download Submit
\Users\Admin\AppData\Local\Temp\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}\.ba1\wixstdba.dll

Filesize
118KB

MD5
4d20a950a3571d11236482754b4a8e76

SHA1
e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

SHA256
a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

SHA512
8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads