Analysis Overview
SHA256
56070412a6e7209e9119d7402952a04ef8063fb535ed4ce8abed661594077a01
Threat Level: Shows suspicious behavior
The file ed6dcfe516c20b3c4e309f2529f456a5.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Loads dropped DLL
Reads user/profile data of web browsers
ACProtect 1.3x - 1.4x DLL software
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Installs/modifies Browser Helper Object
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Modifies registry class
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-05-02 14:57 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-05-02 14:57 |
| Reported | 2024-05-02 15:00 |
| Platform | win7-20240221-en |
| Max time kernel | 145s |
| Max time network | 153s |
Command Line
Signatures
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ed6dcfe516c20b3c4e309f2529f456a5.exe /onboot" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | \??\c:\program files\mozilla firefox\uninstall\helper.exe.tmp | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| File opened for modification | \??\c:\program files\mozilla firefox\maintenanceservice_installer.exe | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| File created | \??\c:\program files\mozilla firefox\maintenanceservice_installer.exe.tmp | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| File opened for modification | \??\c:\program files\mozilla firefox\uninstall\helper.exe | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "ed6dcfe516c20b3c4e309f2529f456a5.exe" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "ed6dcfe516c20b3c4e309f2529f456a5.exe" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\ | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEExt.htm" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\CLSID | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Model = "122" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan.CIDMLinkTransmitter" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ed6dcfe516c20b3c4e309f2529f456a5.exe" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Therad = "1" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | "C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe" |
| C:\Windows\SysWOW64\regsvr32.exe | "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll" |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2440.0.1007952964\1398314720" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26758a74-2a7b-43fa-bcdb-0c591859928a} 2440 "\\.\pipe\gecko-crash-server-pipe.2440" 1292 11fd6e58 gpu |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2440.1.1330380139\599529773" -parentBuildID 20221007134813 -prefsHandle 1500 -prefMapHandle 1496 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {878871dd-bc5f-47b5-8f03-f881a9f10dc8} 2440 "\\.\pipe\gecko-crash-server-pipe.2440" 1512 e72b58 socket |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2440.2.189795080\1955104375" -childID 1 -isForBrowser -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34a12cd4-c835-47fd-a93c-82312503c364} 2440 "\\.\pipe\gecko-crash-server-pipe.2440" 2128 e2e158 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2440.3.1338364365\82289010" -childID 2 -isForBrowser -prefsHandle 2840 -prefMapHandle 2836 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {496e77b4-9661-42b9-874c-af98fcaa5cc1} 2440 "\\.\pipe\gecko-crash-server-pipe.2440" 2856 1c570a58 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2440.4.576177480\1399556378" -childID 3 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f82b56c4-6cae-4e94-86b0-fce83513a4c6} 2440 "\\.\pipe\gecko-crash-server-pipe.2440" 3588 11fd6558 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2440.5.1651757886\1693049775" -childID 4 -isForBrowser -prefsHandle 3776 -prefMapHandle 3772 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c94e0c3-2b99-497e-87c2-ad6c8edef981} 2440 "\\.\pipe\gecko-crash-server-pipe.2440" 3788 1fc96c58 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2440.6.616935149\1559185713" -childID 5 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42a8ebe8-67b4-4987-b58e-c2ffd57f9079} 2440 "\\.\pipe\gecko-crash-server-pipe.2440" 4000 1fc65b58 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2440.7.1026292677\500810234" -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4200 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00495238-9b08-4881-a7a0-0e7eeb7c367c} 2440 "\\.\pipe\gecko-crash-server-pipe.2440" 4144 1025ce58 tab |
| C:\Windows\SysWOW64\regsvr32.exe | "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll" |
| C:\Windows\SysWOW64\regsvr32.exe | "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMIECC64.dll" |
| C:\Windows\SysWOW64\regsvr32.exe | "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMGetAll64.dll" |
| C:\Windows\SysWOW64\regsvr32.exe | "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\downlWithIDM64.dll" |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | www.aieov.com | udp |
| US | 45.56.79.23:80 | www.aieov.com | tcp |
| US | 45.56.79.23:80 | www.aieov.com | tcp |
| N/A | 127.0.0.1:49227 | N/A | tcp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 45.56.79.23:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 169.61.27.133:443 | www.internetdownloadmanager.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| N/A | 127.0.0.1:49239 | N/A | tcp |
| US | 44.233.67.78:443 | shavar.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 18.239.208.2:443 | addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 45.56.79.23:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | test.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | secure.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror3.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror5.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | registeridm.com | udp |
| US | 45.56.79.23:80 | www.aieov.com | tcp |
| US | 45.56.79.23:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 169.61.27.133:443 | registeridm.com | tcp |
Files
\Program Files\Common Files\System\symsrv.dll
| MD5 | 7574cf2c64f35161ab1292e2f532aabf |
| SHA1 | 14ba3fa927a06224dfe587014299e834def4644f |
| SHA256 | de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085 |
| SHA512 | 4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab |
memory/2724-3-0x0000000010000000-0x0000000010030000-memory.dmp
\Users\Admin\AppData\Local\Temp\A1D26E2\A9598E0AA4.tmp
| MD5 | 9ba3fc63446726a22829827bf31b4756 |
| SHA1 | 09ebf3bcbe92a518f865f6ee53e8689b10b2c4ce |
| SHA256 | bb0a1d5ae72061d358a95f71b535a1a0fdf1cbc4e996180b85c1efb0b4c2e538 |
| SHA512 | 3ca0812d23ef112357c4b0686b5c333f04da3740fe4ecb491799aac2946244f5bbca2304d5f0ddd027bd4cf9139395073d78831f6d13d39402c07d696375bf19 |
memory/2724-14-0x0000000010000000-0x0000000010030000-memory.dmp
memory/2724-13-0x0000000000B60000-0x0000000001128000-memory.dmp
\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp
| MD5 | a8d7d850626e233cd7517ea44e20cc05 |
| SHA1 | 555650459d709ff5a61a6437d7a9cba3e82b149b |
| SHA256 | af1c6191c1234a4fd06dd5ddc590b4f0a7258467b796c70dc765f9da7604dda9 |
| SHA512 | 388bbc5e7f8c3f486eb7bb0022ae62b199be0860d00efefa382511f4f9f23c493a6177e48d3c0d61ddffd93032b72f45970d5622e91955f8c0a492f0cab9ff5f |
\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp
| MD5 | 7bf4aa062a2897f6abb4e5cef31a65ec |
| SHA1 | 34d5973c4967c7d4e053ff06d278c687706f08a7 |
| SHA256 | 31c6b76c31476a5ba22741b37eba55fca396973702d7bb4a5cc907d1f19c1314 |
| SHA512 | 773ccf0536d47e6f455cc834a804d9610ac3a3ba2e01523f6b9e592f6c91b3186d49e909c3f27aa895a0a1f9848e41721aa73b56b2a1f30452f8b135f2138496 |
memory/2724-29-0x0000000010000000-0x0000000010030000-memory.dmp
memory/2724-28-0x0000000000B60000-0x0000000001128000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 47019713e0ec9428811d1516b7c268b2 |
| SHA1 | 1fd46a4511a2dc140d18c0131f2971292bb51aad |
| SHA256 | 5e786c486d3b073b2269c4e433dc9c3132d4af8863bb80330e78b9e76ef8e598 |
| SHA512 | 2fa6c3281151337c0b56d9b4f46953889f0b215a616575d198f737ca18c3071762e931afd4a9f7b5787815081a8d40b96317a2b23c53ed84c916eb70da7c0d55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 7426895580fd75e60d26556c17ab641b |
| SHA1 | 856b022a95bc88fa452005ad282910a20a1c83d3 |
| SHA256 | 428588f66414fad526b581535ffa2f27b071115b288686d07013c854fedb087b |
| SHA512 | 092a80a9a6a2b9c8deb05a60a768981ebfbb0336821025509ed572888b85e8d395a5aa539f79d0e7d2f434f0b9effed31f6c8cef5f9a4037de343582fda1425c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\629af05e-3311-494f-aeb9-b89f7e158b1e
| MD5 | b4e8c8f2b88c7e100dc5950d63957278 |
| SHA1 | c6fc8dba5cec83891ad20c129cf6e509182dbb9a |
| SHA256 | 35e5157c76290db5b59140f352273e97df25f3da9c4478ad1abd6033c8c5efa2 |
| SHA512 | aa043d1a620f56e24afdf16eb11af22c300cf35c13c4b7ce5d5025a9518a6762ff91639d50bf506001152fbd1a8d6a6da9686a3e47fd8b3f5cea0f75bfb5d25c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\dca821b0-2807-4ff2-9026-341da2c6415d
| MD5 | 119dc7291d5087ee5b605c17e71d6c0c |
| SHA1 | bba3f010319662bfde956894da48f5632a6f6941 |
| SHA256 | 07fe54cba46554004234774034b1996453ed5e1469fb4d41bf5e4a9f848ae755 |
| SHA512 | f13d3cb269ae20de137b3048cc7b217af15fd378ad477bc78ea22c22ab375f9210799bdcd618460be7fb9078284db9a50ed5a14fb644ad8ff2d103025bae95a6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | c09e14712fceb847b7dd6bc434f9bf96 |
| SHA1 | 411f88cd1df0db05df389e38d50e042aa2cd1d8f |
| SHA256 | 59338c47345d89dab532828d55085e8e68b0127e7b78872554ad073676236f9b |
| SHA512 | c3ea66366b98c6d1194c038b0e132f6c95bb39a267f20f2decdd4d1cf6d3b6efa5c72845da4bc5c82e994b582e839748d7a23dad4873232c367de84de25a0aee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs.js
| MD5 | 99a524bf69dc34f70c27e5814ab39b06 |
| SHA1 | 08da39c942af5218aa971ee1a71922497faf2c91 |
| SHA256 | 00f2c0f9bcc734c95e3d9bce6aed07a41c7293c6db3691111a0bcebe22c4da65 |
| SHA512 | b0edafb654efd12dbaa33db8b65e051f4b838be0794cd37179b1273dcf860d1602540240971f97066737dbe0197ccbd0052f8bff198a4aef9d17536b8d5fe639 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs.js
| MD5 | 39621aadd055be32ae7ecdad4826f5a4 |
| SHA1 | 67f9bf2fb69fe37f2a81afd8f4ec70fd357da9bf |
| SHA256 | 1970da2176a612a4e4513c9f14bdbff681a1b900f41ba1c884bef088c3f5200a |
| SHA512 | 878eb79fc8dc8f87aaca0054589eed88f19b15ecf8202c63025c071f8cd8f061ba94b3dd88cb4db8827fbdb788722a6c62003a186724e5c32f790df8ace304ed |
memory/2724-194-0x0000000010000000-0x0000000010030000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ffd8c2ec63149bfe4a3ec7881f1e1204 |
| SHA1 | 8311eedc745d5e6bf54868afef326f54bd10ec63 |
| SHA256 | 479b64165308bda91e9fbae31f972e00c280b1c07dcdc447ba60607b43344f48 |
| SHA512 | f8a230286c048723ff6f268284c2f588c185a34aa4c8357aa68c8d6d61ea9da0c3409fbe35082d395e33073d7aceb9368b04a94ad67b33ebb2e125d06ab382be |
C:\Program Files\Common Files\System\symsrv.dll.000
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-02 14:57
Reported
2024-05-02 15:00
Platform
win10v2004-20240426-en
Max time kernel
146s
Max time network
150s
Signatures
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ed6dcfe516c20b3c4e309f2529f456a5.exe /onboot" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "ed6dcfe516c20b3c4e309f2529f456a5.exe" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "ed6dcfe516c20b3c4e309f2529f456a5.exe" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEExt.htm" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ed6dcfe516c20b3c4e309f2529f456a5.exe" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan.CIDMLinkTransmitter" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Therad = "1" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\WOW6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D} | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Model = "122" | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe
"C:\Users\Admin\AppData\Local\Temp\ed6dcfe516c20b3c4e309f2529f456a5.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.0.706957914\1524673899" -parentBuildID 20230214051806 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {201e82e5-765b-4bbf-98e1-c372d21adca5} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 1900 29751623758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.1.1782322122\615773550" -parentBuildID 20230214051806 -prefsHandle 2480 -prefMapHandle 2476 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c27d9f5-a94e-4f46-a3d2-0517556ecf6d} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 2492 29744885f58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.2.484311824\138045719" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2992 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2982e80f-2854-4284-9a13-a70431746299} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 3008 29754558b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.3.2078606294\200376141" -childID 2 -isForBrowser -prefsHandle 3964 -prefMapHandle 3960 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c040b44d-f27e-4b19-9db9-09ed597f4c8e} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 3980 297561c9e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.4.98373549\1568734183" -childID 3 -isForBrowser -prefsHandle 5064 -prefMapHandle 5072 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e49ffc94-b007-4871-bd7b-6ad856420232} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 4960 29757edbe58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.5.1462371310\1982276022" -childID 4 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08290798-cb0a-4d39-a584-7b3decce5068} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 5224 29757ede558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.6.745831938\1352091709" -childID 5 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86a78657-911f-408c-a1b3-44c282c6d1a1} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 5416 29757edd358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.7.1250061811\1973740094" -childID 6 -isForBrowser -prefsHandle 5296 -prefMapHandle 5300 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5e5df31-5119-47cb-a9c6-5767079a5811} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 3092 2975894b958 tab
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\downlWithIDM64.dll"
Network
| IE | 52.111.236.23:443 | | tcp |
| US | 169.61.27.133:443 | registeridm.com | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 45.56.79.23:80 | www.aieov.com | tcp |
Files
C:\Program Files\Common Files\System\symsrv.dll
| MD5 | 7574cf2c64f35161ab1292e2f532aabf |
| SHA1 | 14ba3fa927a06224dfe587014299e834def4644f |
| SHA256 | de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085 |
| SHA512 | 4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab |
memory/3872-3-0x0000000010000000-0x0000000010030000-memory.dmp
memory/3872-15-0x0000000010000000-0x0000000010030000-memory.dmp
memory/3872-14-0x0000000000640000-0x0000000000C08000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | bc3a29e4033ac311fdff7ac0a4116a76 |
| SHA1 | 186fc5bfd86b9ac8642a1c708b8bf7ee69f9ec3c |
| SHA256 | e23afac1319e8362eefabc599539effe236a231857bf63c7bde2d1c32b7a20e5 |
| SHA512 | f7fe49f2d260efe1ab92b3cc913ecfa9fcf109a394e9a649f5a611f727972bf507b40df6be3016a109a94c8b8c78e5a9ca1228e68d00b7524451b65d101ae80c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 791fd8fa3a20f6f91fa85adc126df745 |
| SHA1 | 458a99b0cd87b5bf61974313247aa3c6a34b38ec |
| SHA256 | 9d4c9b25703e0dc6ebdf16befe4ca46d98970f4a02192cf2579aa5720d8cec1a |
| SHA512 | 83322ef371b85b07eda7a6c5b07909c80670ea88caae4a57b5bc6ff3e55c481fe8e32c8dd3099b59936a21356e5c6b7cd28b84aeb0af7002177c7b561119e806 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\prefs.js
| MD5 | 1d674a9357e2b6398c60116bd79fa8fd |
| SHA1 | ebe39b4b7e72c9d9aec749dbbbbf0f602ead6185 |
| SHA256 | c5924c90047da70a6241069f5469074b2f2e605f221ec5200f75856e5bad49d0 |
| SHA512 | 50707a82766ce2701e87ec4975c13b97085f6251a169a82d5d9032e7210fc768a5eb81dd761c484c7463f0061cd2096c3a5101fc9d13b7dc629b0c93fd5065ed |
C:\Program Files\Common Files\System\symsrv.dll.000
| MD5 | 1130c911bf5db4b8f7cf9b6f4b457623 |
| SHA1 | 48e734c4bc1a8b5399bff4954e54b268bde9d54c |
| SHA256 | eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1 |
| SHA512 | 94e2511ef2c53494c2aff0960266491ffc0e54e75185427d1ccedae27c286992c754ca94cbb0c9ea36e3f04cd4eb7f032c551cf2d4b309f292906303f1a75fa0 |
memory/3872-134-0x0000000010000000-0x0000000010030000-memory.dmp
memory/3872-149-0x0000000010000000-0x0000000010030000-memory.dmp
memory/3872-148-0x0000000000640000-0x0000000000C08000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | eb3cbbb0a57b21951766595fa79867c5 |
| SHA1 | 40f8e6ef306b3d6c071c09dfbcacc200f7e076ed |
| SHA256 | 880435f3f56d13e3d4e34865cc70fae085f5087907736c3e85855279140a8236 |
| SHA512 | 281270441148b87f28d297165616563350cb770fff5f5a1d387f759f87ccfcc729ff6f469b0572119d155d569cff4cb322a255dea5fc7c61da9112b3f0fb6a8d |
memory/3872-155-0x0000000000640000-0x0000000000C08000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\prefs.js
| MD5 | 58e51abb04faf66edcf7eb94c68f13ce |
| SHA1 | 4505e286eae94e4ccb4b5f6d5a522a5494e195cb |
| SHA256 | d8b1546e1f5399b182bd541a4c5b2ffbb40e9abbcb938be909b3d224b22aaf6e |
| SHA512 | ffab7c63f088dc372c2695dd22ed64f594591a42cd3c30b187da9bfa69e13799cb254c609e543e416a8cf35006b211764b84433e0180fba5c2fb92a10fd314a8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\prefs-1.js
| MD5 | 41733c80df131ca6ee1b3590843fbadb |
| SHA1 | 80437546cbaf5e7a2a73dee9b545ee03b36fc8e3 |
| SHA256 | 5b5bc24ce90f6084426b1a187f77f8fe8de2901ca69eaf0b8598e4d8b04498c5 |
| SHA512 | 0d6bf41c61d5d4973db2c320f03174cea735f7b1c2a27740cb48ecbb2131056aa21827ffebea625ef049b590a1773755911fc69146ba52152bd7d212d6eee48b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
| MD5 | 4cfd7e5f061604a8f73967c279d6569b |
| SHA1 | 15678dfab8b14028976653018c523d0ce33d52f5 |
| SHA256 | bbc7d54083bffad934c3da09d7460b59d08bb5eaedd9b4ee9f7d6d5d7423a3c1 |
| SHA512 | 83f36df90b193eaba94c2aaf8fd4cb6bbc5a8d965ada6fae8ea92e609f95845a5f7917107cde49256ca110d92b778b7d9ec36ff1710cfc3d5d0f1a1df987954a |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\prefs-1.js
| MD5 | 4acafadf2433171fcca763b1496d7189 |
| SHA1 | a521f833a61a91f53ee0b0c86d3aac62811b59cf |
| SHA256 | 1a0cba5e2f13b88d307b556323450d6a036e75824159759a556a806f89a8778e |
| SHA512 | 60239f0ed7146bb32a70530852a0e1ede60343760875a7ea4fd9c207b7a7347b3d27b52d77ab84089914897122a4d8f3042a34b0b648493162cc2109f8248bc4 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
| MD5 | ac75a264867d3b8e89a48d9550044316 |
| SHA1 | 0420955ff45b66890dc68c7ab3f92e0a217a334f |
| SHA256 | 668da17a51afcf77127eed42162bd6975b4abacf4127a19b9d68ad84b19f84b7 |
| SHA512 | fb692ee0aef34b423d5d373c4d337408baa607e8b589fb2a2004f22151dfc03c886256f345d1abb5bbe82f25d08cc0aae6c8a65e10a8a88279006db95cc7fc74 |
memory/3872-2151-0x0000000010000000-0x0000000010030000-memory.dmp
memory/3872-2150-0x0000000000640000-0x0000000000C08000-memory.dmp