Analysis
- max time kernel: 1311s
- max time network: 1321s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 08/05/2024, 23:30
Behavioral tasks
- behavioral1 | Sample: Hone - Installer.exe | Resource: win10-20240404-en
- behavioral2 | Sample: $PLUGINSDIR/app/cmp.html | Resource: win10-20240404-en
- behavioral3 | Sample: $PLUGINSDIR/app/index.html | Resource: win10-20240404-en
- behavioral4 | Sample: $PLUGINSDIR/app/js/app.js | Resource: win10-20240404-en
- behavioral5 | Sample: $PLUGINSDIR/app/js/block_inputs.js | Resource: win10-20240404-en
- behavioral6 | Sample: $PLUGINSDIR/app/js/libs/cmp.bundle.js | Resource: win10-20240404-en
- behavioral7 | Sample: $PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js | Resource: win10-20240404-en
- behavioral8 | Sample: $PLUGINSDIR/app/js/models/notifications.js | Resource: win10-20240404-en
- behavioral9 | Sample: $PLUGINSDIR/app/js/utils/analytics.js | Resource: win10-20240404-en
- behavioral10 | Sample: $PLUGINSDIR/app/js/utils/commands.js | Resource: win10-20240404-en
- behavioral11 | Sample: $PLUGINSDIR/app/js/utils/cookies.js | Resource: win10-20240404-en
- behavioral12 | Sample: $PLUGINSDIR/app/js/utils/modal-events-delegate.js | Resource: win10-20240404-en
- behavioral13 | Sample: $PLUGINSDIR/app/js/utils/strings-loader.js | Resource: win10-20240404-en
- behavioral14 | Sample: $PLUGINSDIR/app/js/utils/utils.js | Resource: win10-20240404-en
- behavioral15 | Sample: $PLUGINSDIR/app/js/windows/cri/cri-controller.js | Resource: win10-20240404-en
- behavioral16 | Sample: $PLUGINSDIR/app/js/windows/cri/template.js | Resource: win10-20240404-en
- behavioral17 | Sample: $PLUGINSDIR/app/js/windows/finish-with-recommended-app/finish-with-recommended-app-controller.js | Resource: win10-20240404-en
- behavioral18 | Sample: $PLUGINSDIR/app/js/windows/finish-with-recommended-app/template.js | Resource: win10-20240404-en
- behavioral19 | Sample: $PLUGINSDIR/app/js/windows/finish/finish-controller.js | Resource: win10-20240404-en
- behavioral20 | Sample: $PLUGINSDIR/app/js/windows/finish/template.js | Resource: win10-20240404-en
- behavioral21 | Sample: $PLUGINSDIR/app/js/windows/main/main-controller.js | Resource: win10-20240404-en
- behavioral22 | Sample: $PLUGINSDIR/app/js/windows/main/template.js | Resource: win10-20240404-en
- behavioral23 | Sample: $PLUGINSDIR/app/js/windows/modal/modal-controller.js | Resource: win10-20240404-en
- behavioral24 | Sample: $PLUGINSDIR/app/js/windows/privacy/privacy-controller.js | Resource: win10-20240404-en
- behavioral25 | Sample: $PLUGINSDIR/app/js/windows/privacy/template.js | Resource: win10-20240404-en
- behavioral26 | Sample: $PLUGINSDIR/app/js/windows/progress/progress-1-controller.js | Resource: win10-20240404-en
- behavioral27 | Sample: $PLUGINSDIR/app/js/windows/progress/template.js | Resource: win10-20240404-en
- behavioral28 | Sample: $PLUGINSDIR/app/js/windows/settings/settings-controller.js | Resource: win10-20240404-en
- behavioral29 | Sample: $PLUGINSDIR/app/js/windows/settings/template.js | Resource: win10-20240404-en
- behavioral30 | Sample: $PLUGINSDIR/app/js/windows/welcome/template.js | Resource: win10-20240404-en
- behavioral31 | Sample: $PLUGINSDIR/app/js/windows/welcome/welcome-controller.js | Resource: win10-20240404-en
- behavioral32 | Sample: $PLUGINSDIR/app/progress.html | Resource: win10-20240404-en
General
- Target: $PLUGINSDIR/app/js/utils/cookies.js
- Size: 1KB
- MD5: 6c60e675f8c8c68c0174b644d3a63a2a
- SHA1: 3635a3fe07ccc4a6f33a986ddb690522d0611abb
- SHA256: 9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287
- SHA512: 1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452
Malware Config
Signatures
- Command and Scripting Interpreter: JavaScript (1 TTPs)
- Checks processor information in registry (2 TTPs, 5 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
- Modifies registry class (1 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | firefox.exe
- Suspicious use of AdjustPrivilegeToken (5 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 4340 | firefox.exe
  Token: SeDebugPrivilege | 4340 | firefox.exe
  Token: SeDebugPrivilege | 4340 | firefox.exe
  Token: SeDebugPrivilege | 4340 | firefox.exe
  Token: SeDebugPrivilege | 4340 | firefox.exe
- Suspicious use of FindShellTrayWindow (4 IoCs)
  pid | Process
  4340 | firefox.exe
  4340 | firefox.exe
  4340 | firefox.exe
  4340 | firefox.exe
- Suspicious use of SendNotifyMessage (3 IoCs)
  pid | Process
  4340 | firefox.exe
  4340 | firefox.exe
  4340 | firefox.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  4340 | firefox.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
- Uses Task Scheduler COM API (1 TTPs)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- C:\Windows\system32\wscript.exe
  wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\cookies.js
  PID:4804
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  PID:2084
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    PID:4340
    Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.0.1953389504\752696341" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a1cdfea-cdb9-4fd2-b5a1-d7506dbdedc3} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 1764 223c9fdb158 gpu
      PID:1644
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.1.581177280\1366633636" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18f71b53-833b-4809-9235-2b05e2ff5b5f} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2120 223b7b72258 socket
      PID:3436
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.2.299479319\1852512223" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0f7ca79-a05d-48fd-8068-65f0c61d2523} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2956 223ce1a0158 tab
      PID:1252
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.3.1936062778\763213434" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13813b88-36ad-4bc5-bfa4-985d860037b7} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 3500 223cc99b858 tab
      PID:5072
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.4.392952536\1348876317" -childID 3 -isForBrowser -prefsHandle 3680 -prefMapHandle 3628 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0b91e03-87dc-431b-9c8d-a1b8fb690b54} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 4312 223d0068e58 tab
      PID:2300
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.5.1504639857\335946413" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4904 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78c2ad8c-cb08-49de-b738-37fea0d9f8e3} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 4948 223d0b14858 tab
      PID:2204
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.6.1565036666\997746167" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5088 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6e5201e-c61b-4c4e-8a76-6d74d5063b83} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 4968 223d0b15458 tab
      PID:4212
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.7.34991625\192674265" -childID 6 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cafc2c2c-676a-43f2-a608-4b42e7431315} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 5384 223d0a59258 tab
      PID:2232
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.8.459955568\421940158" -childID 7 -isForBrowser -prefsHandle 4300 -prefMapHandle 1552 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e173d3ba-20c5-49eb-9dfe-2ad98c9414c0} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2492 223d1bb1e58 tab
      PID:2220
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.9.1103435890\470209087" -childID 8 -isForBrowser -prefsHandle 5640 -prefMapHandle 5636 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5836391e-8f6e-429c-9cd6-d763e27e9697} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2552 223d1e54c58 tab
      PID:4944
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.10.109668219\948067339" -childID 9 -isForBrowser -prefsHandle 5804 -prefMapHandle 5808 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d11c94de-4913-4730-91ee-e88854cf1fa4} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 5796 223cfe2d258 tab
      PID:1464
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.11.1640186989\1567315873" -childID 10 -isForBrowser -prefsHandle 5948 -prefMapHandle 5952 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99385567-173c-4a17-9d44-07133ce6ce64} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 5932 223cfe2de58 tab
      PID:2912
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.12.1601616109\1925820300" -childID 11 -isForBrowser -prefsHandle 4152 -prefMapHandle 4352 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86ab0d58-877e-4be8-810f-05f0de67ef5a} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2668 223d1efa258 tab
      PID:3776
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.13.1249120504\2011680548" -childID 12 -isForBrowser -prefsHandle 9152 -prefMapHandle 8492 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b18da68-7ac6-4cae-ab30-253a0f11dfd8} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 8424 223d38df658 tab
      PID:4492
    - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.14.267348966\236922712" -parentBuildID 20221007134813 -prefsHandle 9164 -prefMapHandle 2760 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49fb4df8-6128-42a4-9c42-8ea72c30a3d6} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 10076 223d3910858 rdd
      PID:1932
Network
MITRE ATT&CK Enterprise v15
Downloads