Analysis Overview
SHA256
4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2
Threat Level: Known bad
The file 4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2 was found to be: Known bad.
Malicious Activity Summary
Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Installs/modifies Browser Helper Object
Unsigned PE
Enumerates physical storage devices
Checks processor information in registry
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-02 21:41
Signatures
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables containing SQL queries to confidential data stores. Observed in infostealers
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-02 21:41
Reported
2024-05-02 21:44
Platform
win7-20231129-en
Max time kernel
140s
Max time network
147s
Command Line
Signatures
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe /onboot" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEExt.htm" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\ | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Wow6432Node | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan.CIDMLinkTransmitter" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Wow6432Node\CLSID | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Model = "122" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Therad = "1" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe
"C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.0.5161966\905603124" -parentBuildID 20221007134813 -prefsHandle 1256 -prefMapHandle 1220 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f861727-5edc-4de1-8194-8330aa3213c9} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 1368 103f8b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.1.648040222\795703652" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80d7b47a-c1d3-47a0-91b4-ed422cf6b460} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 1548 42eb258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.2.1335799545\1923282292" -childID 1 -isForBrowser -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94153fc0-7bb2-42df-89ba-eea53b98211c} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 2384 1ae63558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.3.2079214889\1002356379" -childID 2 -isForBrowser -prefsHandle 2712 -prefMapHandle 2708 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5938690f-2032-4bf6-816d-cf4066cefaa2} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 2724 1c13fb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.4.1960372290\808351471" -childID 3 -isForBrowser -prefsHandle 1676 -prefMapHandle 1172 -prefsLen 26318 -prefMapSize 233275 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47662263-5443-4b3e-a7d1-9e4bb9c829db} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 3756 1e470e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.5.548295550\122444641" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 26318 -prefMapSize 233275 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {842cb14b-9f68-45da-bc3e-506228115173} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 3836 1e4dcb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.6.892373602\254283731" -childID 5 -isForBrowser -prefsHandle 4000 -prefMapHandle 4004 -prefsLen 26318 -prefMapSize 233275 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5f8e4d2-a2f5-4290-8b72-8bab0873ef72} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 3696 1e692058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.7.1451758722\605512852" -childID 6 -isForBrowser -prefsHandle 4176 -prefMapHandle 4180 -prefsLen 26318 -prefMapSize 233275 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27491900-9dc9-4926-81ec-cc3a824d54b4} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 4000 21459c58 tab
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\downlWithIDM64.dll"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49175 | tcp | |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 52.24.210.222:443 | locprod2-elb-us-west-2.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 169.61.27.133:443 | www.internetdownloadmanager.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 35.164.250.149:443 | shavar.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| GB | 18.165.160.87:443 | addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| N/A | 127.0.0.1:49183 | tcp | |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | test.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | secure.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror3.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror5.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | registeridm.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r5---sn-aigzrnse.gvt1.com | udp |
| US | 8.8.8.8:53 | r5.sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.202:443 | r5.sn-aigzrnse.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5.sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.202:443 | r5.sn-aigzrnse.gvt1.com | udp |
| US | 169.61.27.133:443 | registeridm.com | tcp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin
| MD5 | cf017dc94bb29978ca73b56aaf78405c |
| SHA1 | f7726ce18e64c1977f7ac3ced40a2ef322a00268 |
| SHA256 | dc5c27aa014db81c9cd49f7b1f0796b48a2921542015e21853c275928094ccab |
| SHA512 | c515cefe229fae28a64df32fd22cd83fe929de6878755b88797c43679c396a07ceac2de4c6fdbe91b95344e8f9a2ed05febcac643e794aff4599d1e241092f09 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\9b640f3c-3a06-4445-bf5b-740ef03f21cf
| MD5 | cb1d0af64c7d206f45c30536e739f677 |
| SHA1 | 7a4f3701eca4eca60773c282968be2ff5e3c9f89 |
| SHA256 | c9e3d68d859da0b0b2eb415caecc1bae9a2dc3ffa60ebbb5be4e908078c99308 |
| SHA512 | efb14b1d7e6f67fbc1617f6c0a0aa31a6aec0285d0dc15409ff87ced7789fcd29eb8a847057f23c9bee843e88726a665e04c1c833ec5e3f4f36bb88810d34ec2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\328680c7-b19e-4ae1-97d7-56bf6cbd7209
| MD5 | d019c63986eff00cb6fd47e0b85473de |
| SHA1 | d5f7c7740877cb8d7fe849d9789fe9b49ce37b96 |
| SHA256 | 7fe8722b54de5594c6a0d139762f32b94e569472c3c6fb7bb0ebb25414a3e507 |
| SHA512 | aea460a2a6a23e289d315cd0fd42bb54e07663eb012991e1c015a210fde3f7820af6dbe1bab73dbb8a3c75e3ffd4a23115f6760776ad26401975c72aec39b3ab |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\extensions.json.tmp
| MD5 | 64ae8b7310bb38cb7ae878d62e70eab8 |
| SHA1 | 8c3af07575b9a2bfdee54d612887c2d9462178f5 |
| SHA256 | a4beb9aaa47f692fe8ccc94ea4f362172ba523dfbfaad1c81ed6e497a3458478 |
| SHA512 | 15b8f48fd9270dd6bff37877c5c5160aa53f51a75930fc44c6b55bc2265c0c1d4f8b5b0b19e7181bc8251679086a6266784e8bf86ca38d4bb063797bcc8139d8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 9986020e960c9ba0e5afe88f6f39a372 |
| SHA1 | 9e21c40938c782254299228b25ad92895b840966 |
| SHA256 | ca374b16b6f6cc223ec1ce4b58762cb2827bf25889aa9e79ca87404c3a9ce314 |
| SHA512 | ea5a84e496e6cc0b97128939ae10ae898d97d3a7484437cfe6a09da1ea695714fcc1efdc7ee510d172fbf1e512ed8bc57cf4c7f4704fc2de589f5c8a29a34225 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | ba223258e4ca096a29ed634697faa3e7 |
| SHA1 | c58150f5be96d342a288f00a1b5fbcfd92722916 |
| SHA256 | b9833999e11c730c54262fd80dec0e6380dac186a3c90bb5f47c0ebd16480381 |
| SHA512 | e5d6529d72d3f436a7727e7b2b1ef50e826f9770380ec22af04cf34b1f4bfe0698be33a1c2c2433cd0c8558fa84fbe68f386d0be39b68d8fc39fdb74587345a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js
| MD5 | acc91fc7d7958b148beb0c7db8719a9b |
| SHA1 | 8afd5c62379f48a1a26491a22cc35d5acf592aa1 |
| SHA256 | 0614490ec572fec670f3c2f470fa5d71a311a5d66553c1cca2e43202ddb76e1d |
| SHA512 | acd52bbf80df0527ea0676815834a31bfe699bbefbd733577a83297216e85ebc4e5d2eb78ebc3457f6b07eb9a0f691561d4418a9150433cbb6390ac67dc1d205 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d6cc09d378ae918c2558cb7c9938c169 |
| SHA1 | be2e6f790ce9562e10b3819191eb40df6759ca23 |
| SHA256 | 4517f3af864f79d1a3bd2ca15a13e1f72bd3e8656f708360be0dd2106cc21c90 |
| SHA512 | f3dd24d105799c5a77b09cd65ec7931ea65903f6bd277882cd560148053401dc5a4db61f7e05ac4fb52db449633738e95142c0993e7c92c5d582c4f2ddd4e197 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 88fa6ecade11072b7a8efacf568713e8 |
| SHA1 | 9cf05628c535877692eca4118d3b8dcaebe4a8de |
| SHA256 | 10720e7b71125379d0de1082edc0c212b7a0ff6631bd0977b0a2189f3c300f72 |
| SHA512 | 233d11c7a5b13c5007f84f885a2b4d3c9642d290f705db8274fd35700a4756ca6669644ccb1dcd3135b5b2732cc980f968a8a9ace6afcc94d485b32001f87840 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js
| MD5 | 897ed0333d9bc30e9b54601ec44c0ad9 |
| SHA1 | 7e335aa90a9a1dacfd469f364b3a7c0deae9b6b2 |
| SHA256 | e3eaede93a797391273fc3d40842e053505a8b3b5dc7f1faba9a4e65f58771d0 |
| SHA512 | b26bad1467202ebec277de694e30fd7f812376bb1c75cbbf244ddaa39602fff8305d1dc47e1048e4539a77890eefbe65d2ef00699fe29882beddac6934282e19 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-02 21:41
Reported
2024-05-02 21:44
Platform
win10v2004-20240419-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe /onboot" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEExt.htm" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\WOW6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan.CIDMLinkTransmitter" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Therad = "1" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Model = "122" | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe
"C:\Users\Admin\AppData\Local\Temp\4df82671a14cf2c312d340a1833d99a98717b33c52bd4d5323d7675f408e6bf2.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1936 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a1a853d-ea5b-4a40-8d99-ec80f6c6aa7f} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2d5470c-4c5b-4976-85a0-9704e458b3c7} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1556 -childID 1 -isForBrowser -prefsHandle 3340 -prefMapHandle 2892 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88fca393-2388-443f-aae8-ac221b869671} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3812 -childID 2 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {992b4452-1064-4769-98e1-bd7ba6e50ed1} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4840 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4732 -prefMapHandle 4772 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9de4814b-86a5-429d-9919-977bb49e020b} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5220 -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 5212 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bc97ba0-a2b1-4559-b600-d9b49dd6b555} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 4 -isForBrowser -prefsHandle 5384 -prefMapHandle 5392 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36f8544d-9798-49f8-8678-391ad9e5ad0d} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 5 -isForBrowser -prefsHandle 5556 -prefMapHandle 5560 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {306b6aaf-8e57-4fdc-8bf8-ca1345903c6d} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 6 -isForBrowser -prefsHandle 3452 -prefMapHandle 5624 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0cfa876-1772-4936-8adc-08615a1ce9e0} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" tab
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\downlWithIDM64.dll"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 169.61.27.133:443 | www.internetdownloadmanager.com | tcp |
| US | 169.61.27.133:443 | www.internetdownloadmanager.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 35.164.250.149:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:61774 | tcp | |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| GB | 18.165.160.59:443 | addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | 133.27.61.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.250.164.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| N/A | 127.0.0.1:61783 | tcp | |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | test.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | secure.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror3.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror5.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | registeridm.com | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.126.19.2.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 44.238.144.40:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.197:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6n6s.gvt1.com | udp |
| GB | 173.194.3.70:443 | r1---sn-aigl6n6s.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6n6s.gvt1.com | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| NL | 2.18.121.197:80 | a19.dscg10.akamai.net | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6n6s.gvt1.com | udp |
| GB | 173.194.3.70:443 | r1.sn-aigl6n6s.gvt1.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.144.238.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.64.18.2.in-addr.arpa | udp |
| US | 169.61.27.133:443 | registeridm.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.17.178.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\pending_pings\5c319372-89bb-4495-8bc1-db7f1ecc7645
| MD5 | 0dad6e6095298dea2dfc6885e1f9e8f9 |
| SHA1 | 4f9d2c5b3249bca64cd1a1c9f008b8724059aca9 |
| SHA256 | 3dfa64272c6d32a060a737ef8dffc8164d94c220a3880a6af6a18b89215e38b4 |
| SHA512 | 7659c70bb6a1e3872cdc3b54132baf82105ba16b30120ba7f6533e1e830626652d6bf8d2c05b410d1319087e1acc9ceb977d049ab607b6f53e0330bf5d9d3580 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\pending_pings\021d781b-bda3-48df-98c7-6b6f357a078d
| MD5 | 471e097590791509b950f7a44b8b7b09 |
| SHA1 | 877f69d1a2d2742733f4e11eea4ef0ea49bbe166 |
| SHA256 | 2ad5466728e4bb8b4f3130e207075421361fdca2dbe92fe9013e306b534d9550 |
| SHA512 | 0bad5328ab72b5da864086deb4e854d935fb90b5749d3d995effdfba3e4f3712ebaed61525e055bc19a11507d0bd620c0838e8326e56e86dd9ddb8892b9fddc9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\pending_pings\61953716-efbd-47b2-8a76-e101f8a4d3cf
| MD5 | ce41be8e03a38d72b3ade6ca3247b8c4 |
| SHA1 | 02b1b126da1f40064d5ca63a624515a69b09e558 |
| SHA256 | 732e187d483bba18d7b913b47fdd724d99b1e53f73afe59e96738e6541d76865 |
| SHA512 | 229a0d031fc1136f460d565b91e069df606f6de055e69c85d1c4b1b0dcdefc65218542c481cba7d93a43116585aad349120567cef52d16908ef455697378d47b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 7470db6626de517623f9e75288fff051 |
| SHA1 | d19e429e8ff3390d05ab26a165da2807429074de |
| SHA256 | 6bbaf85bc592e8971bdb15d9628ce8df4ac41ec4411ff7f84667f642c28a2000 |
| SHA512 | 08be8c5866dfd6426895623654410da4faa76254ccf8bd669c43e584f22ded46c05f58a5023bd1f3e0f9b9afe50b983c793091c472bdcad2953ca6a1811ba91c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\a9whdnbl.default-release\activity-stream.discovery_stream.json
| MD5 | 89f41a733e7860a64b8be5e6b7ab8ef7 |
| SHA1 | 2daa809c61966c59b213a54586fd1da123bdb403 |
| SHA256 | eeda6e2a3b911332fd6cfe360cddf31a432c74b0de54f464cc8ac2c4b12680d5 |
| SHA512 | 938b377359787f45e977972756a304f105965e6dd1a2252b8c2c1285d548e21fd8e67e0910cfaecb64652c229cba0e1a2e0b83a9955d4272406a07af5d70f575 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\AlternateServices.bin
| MD5 | e25880d99d665ff9332ccb445135f0e1 |
| SHA1 | a3b73d1e99126ac63239f6f7c02c99e3955807f4 |
| SHA256 | 6939d5358408a5e7090b01a666d05a67efd22d9d28f6f2f6490903d91b7993cd |
| SHA512 | a8637100f5522038a84f336ac87f282f560bb5035f46ed6c8aaff053f27f9e0abbc6764448d5f7715f71b270ef619f91b5cc1d81930e91d57bd3e97ddd230cd6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\prefs-1.js
| MD5 | 6bc0ba3628f18e8feea00960df249598 |
| SHA1 | f863d6c20a8d722038821d0bda6cc74eef7977c4 |
| SHA256 | 4f022acd6e0b52305de87812223278d5a9f69887800a2564d809be1c08de06d2 |
| SHA512 | b5c30fdffd55d91b470027e544fdcc3fe692b63bc1a9a5aba047e3e9d2f640b4a2285190d8c128ff57fc7e2034442b994c25d2a56d8569e87f47d40d5855052e |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\prefs-1.js
| MD5 | 59babdbd9a2d6c0cfb8d95d52b98ae62 |
| SHA1 | a148547bb7dd2d6d996a14a9cd9f480c41191247 |
| SHA256 | b60b1580af6a02ba72403e45da7ad7560d6fc6dd9d37f279fc4490b854f4e320 |
| SHA512 | 954fe15f1d97f1d92638f2efa6f795f257e25689aecd8bff27cbf1ccd328df1aefc1c372d9c042ad848ad64aa8772663971863acb079281a375ba89b4b6d4119 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9whdnbl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp
| MD5 | 36e5ee071a6f2f03c5d3889de80b0f0d |
| SHA1 | cf6e8ddb87660ef1ef84ae36f97548a2351ac604 |
| SHA256 | 6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683 |
| SHA512 | 99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e |