ec6878c05196b2bd85796a9b69dd4d76e36f91b9220696a5a4a6f1633412accf

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.2MB
MD5

62bb0c12c38ed88d6de4e6fc5d769ba3
SHA1

73282ff435b02089e9c776dd4bedd0d67a0582f8
SHA256

ec6878c05196b2bd85796a9b69dd4d76e36f91b9220696a5a4a6f1633412accf
SHA512

a4906f77454574245e10196133f8e6ec9dbfb49a8722c5e9d23eb0fe76383e4bb389e900fd921904f9b7b6053f57750f9e9bc03354ec4c6cd855c74571ebb0e1
SSDEEP

24576:kqDEvCTbMWu7rQYlBQcBiT6rprG8aXT2Sbly7TWEPje:kTvC/MTQYxsWR7aXT2dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	file.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4344	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 4724	2232	file.exe	86
PID 2232 wrote to memory of 4724	2232	file.exe	86
PID 4724 wrote to memory of 4344	4724	firefox.exe	88
PID 4724 wrote to memory of 4344	4724	firefox.exe	88
PID 4724 wrote to memory of 4344	4724	firefox.exe	88
PID 4724 wrote to memory of 4344	4724	firefox.exe	88
PID 4724 wrote to memory of 4344	4724	firefox.exe	88
PID 4724 wrote to memory of 4344	4724	firefox.exe	88
PID 4724 wrote to memory of 4344	4724	firefox.exe	88
PID 4724 wrote to memory of 4344	4724	firefox.exe	88
PID 4724 wrote to memory of 4344	4724	firefox.exe	88
PID 4724 wrote to memory of 4344	4724	firefox.exe	88
PID 4724 wrote to memory of 4344	4724	firefox.exe	88
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3172	4344	firefox.exe	89
PID 4344 wrote to memory of 3176	4344	firefox.exe	90
PID 4344 wrote to memory of 3176	4344	firefox.exe	90
PID 4344 wrote to memory of 3176	4344	firefox.exe	90
PID 4344 wrote to memory of 3176	4344	firefox.exe	90
PID 4344 wrote to memory of 3176	4344	firefox.exe	90
PID 4344 wrote to memory of 3176	4344	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4344
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e93fec2d-d197-40b8-8094-ac1613c5476e} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" gpu
      4⤵
      PID:3172
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2384 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11389a02-c1f9-4b0b-8929-90e669c706c7} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" socket
      4⤵
      PID:3176
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3168 -childID 1 -isForBrowser -prefsHandle 3176 -prefMapHandle 3288 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecd3b7e6-4dfa-4a60-a97c-b74b8977fcc5} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" tab
      4⤵
      PID:1484
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3836 -childID 2 -isForBrowser -prefsHandle 3828 -prefMapHandle 3824 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b3ba9f1-0f8e-4c9c-97db-8826f5f42fa5} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" tab
      4⤵
      PID:4852
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4716 -prefMapHandle 4708 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e850b31-715e-4ff6-8ed4-7ce473e0df78} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" utility
      4⤵
      Checks processor information in registry
      PID:3980
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5256 -childID 3 -isForBrowser -prefsHandle 5236 -prefMapHandle 5244 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98a7ab3f-456e-410e-91d7-54a1efcf29ae} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" tab
      4⤵
      PID:4360
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5404 -prefMapHandle 5412 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {246d14ef-4073-4eb7-a7cf-ec45157794bb} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" tab
      4⤵
      PID:1816
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 5 -isForBrowser -prefsHandle 5680 -prefMapHandle 5676 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ba1b342-7739-4a2d-bf08-530d91f3eaf5} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" tab
      4⤵
      PID:4352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
84f177a3829228a9e33a2d51544362ff

SHA1
63f0619937b6890f01312d7f45a9d98dd1ef4591

SHA256
c22863aeadf03de399898267df725840c5da7b862c7733e0d550ff8a25572bc6

SHA512
89c9fbd6e408a1dcc6e1a4995314ca23fe359887f3d1b2c10e00ef045f747c8979f16a4cd42aab660f1ca071aac5f2c969e6967190dc501fd0528da3343e4733

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
f0654b05b9dc7efbdf084414d5e93859

SHA1
78b67a372cfc8f711ce8bc09d9ffe02a08aff04e

SHA256
26d9a3dffb83b821baf62334eea77dadd037874b4e070727cc51d8da0175d3ab

SHA512
a3a9e76a1f5656bf1c1529abd04823dcb737e19c456ec21b2ca35477c56596652f6b82fe16a0779b5c1b86a23db8f04911c2bd80024c2d9ac93251ad4270a8b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
d43bc865c897d6b158943bae16276696

SHA1
fd0d88f52685d7c38c60974628a2889e5488f639

SHA256
bc06a2ed1d1423c21f90042895b5d704c4aaf51e287aae96854154d20de35a63

SHA512
e3d1df0418f74a3f0f6d2f71838d15de88a9ca388bbe235d4aa1d246f9573564240f76d248e17f2afa3da5019d216dffedc17de4173d965e15be077e757f24a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\AlternateServices.bin

Filesize
10KB

MD5
70758807cafef61b66c7d276cde85758

SHA1
d26aefa791bb82ab6a5b15b2a68ae0ac6da62ce3

SHA256
8d7aa24afcd58d9697c1bf5aa80e8f7c6458980708eb7a3a11bab3c2349777dd

SHA512
1d4c2a61e2bf84bc4efb55840ca325719bf8da0c40f0dce942b55efb17f51a49b4094a0d92a68c0190c41a894ef462ad7ce2a0e5cf14caacfae5f52ce029ff42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a7bc6b4b2dbb932e26c78af2fcf6f24f

SHA1
5deb62fd8df17b2676275af042b9d82189896eb4

SHA256
5b23a48013bd293eab157c1aa2fd74cbae937e0363167c1def26b4684efb7999

SHA512
b5e384538d637d1c3006097da7737f3f3b0f38e006d0a17ac555c5b318136b83725123e9eb8d0cd901a24b71ba5963e333320ec025084da31b54c9bb9f3596d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
027ec5126900333ef9ef7a23b3c3c8df

SHA1
6bf92b00ab3f03f355160d6094629cbe4d244d5d

SHA256
99ba21910d3bed3a57583239b768980ede0f7ce88d85042d2ce0e1b0d458dcd8

SHA512
53db5a0577f817c9456751b4f92742de11b1854b480c7b533f660747efd8a1f918455caebe97caddf10937b3275e45936ddae351f9a5d247ca355fe942bf20fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
ae33a1f7c2e905c72c53d7078be16cd2

SHA1
53fb1f58da735e134a4acd6134f3d2aeaaebf6ea

SHA256
b0cd80920329970a06074279ebed14c4924a37217c66b2eab5d7fe38660418e3

SHA512
4c9f26956000c1c0e080974a58d762f0b06d82ed6b397508a1982feaae6abc4ae1e5db778d0acdaa74ab9311a4abd79a55b881a109fb8977cb4334a7fc8f2421

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\9de67160-85d8-4ef8-9d6c-b5faa731939d

Filesize
982B

MD5
7684fd927f32e794f3af067d9b16f6df

SHA1
cb813c358df9973d686c789a4a6be5e0ab5306e5

SHA256
97b26dcf7924d59d6276a9cb45cac0def7a2129b209396af8c91c1738308e936

SHA512
8ac33d79a298aedc1f5d6b846a1da0c9dd843976bd3f87652a04cd026998df2b5bac3b8e06b80bd6751c128f7bf264cae3e2f782d6c0290be5318e3303b918bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\a41df748-9955-4724-826f-4a35a8c8e700

Filesize
671B

MD5
8b160f10d970e0e504c209a374d278c6

SHA1
651364a660805f29ed2b0809ce2cb192e1a5c1dd

SHA256
7e48b9d82dff5c36780691080254375e514a58a13b85a79db92b3ffffad75ea2

SHA512
a68ebd74306a02daa38dfe7bbeceb9f4ca93369c4b3e468497cafabf271f79727de52d918a64c0778513a9d0c924aaab80cf12f6ee100ba824e01e089fe77e0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\f43af077-b4e9-4397-97aa-64b0a9073ccc

Filesize
26KB

MD5
d51689f7224a9f9860943078b0c7e7fe

SHA1
50599d6c240e3b9a8f57c625ea035c4012954b34

SHA256
cae63406edc5ed7203a4eaa66b5cd2199018865f5131221c010e1c2eaccd806a

SHA512
74257187398f694b293125c81e8c57c7d65bbed86ccf3539f8a54c2d4ede68da80256dd20f9bad50d309e27ec024434e3ee57d2e0cc09b12bd8f0408b94c655d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs-1.js

Filesize
12KB

MD5
c70b44a4aa3cfd7c7d4eb5ae009f4505

SHA1
fff7c9c9c264d4ef8570892816384e6465e5b1c4

SHA256
152700a9b98d7786d70d45b638ca4eeae6cfdd4adcd9207d51ccba9fee4037bf

SHA512
aa19ccd8f8d01fad741ee86a8b9112650e400bcd881e8bd3f087cbc9fe1e118ea165d81a12ec5a6a7cc44506ec965574d850820424164dcc3531e5facdd5fa36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs-1.js

Filesize
16KB

MD5
cf22e41e0c298ba08bc79f99e5ea10fd

SHA1
06141e4552615a3614fdc044b1518dbf80870a51

SHA256
250cb0595305a1be0ee86f6a7449bf3e585e0678f3f20860a18acf0431c30b69

SHA512
29907deb8e3fed24f6ecfc7f1e6f3cdb2c75044b169fdd55f8342bbca668174ebf3c076829ac013160cbcb203c6f12b40ed5f4c45ae43c4a645b67c7780427c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js

Filesize
8KB

MD5
7bcdd4a3ed13b5ab0b433bcd92e3930d

SHA1
69980b41fe1ec7a1477ae8aa80f8f7c049308cb0

SHA256
802613150733df387aaf1ff263c07f01417da6a1caff220c9b43ec5b7a3c058d

SHA512
5bb7987d1a1b8b2193f5fb7d236ba1ef6ea39cf0fc55588c82615fc98581ddb943bed61e36fdddbe7a1e2d1f5defa2f70e91e4526e537cf318ff5566e4100b1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js

Filesize
11KB

MD5
a8d7102866600a173c0ed478b154bceb

SHA1
130262f14e5acea6d0c35f593b845cd4422a9a45

SHA256
7a20e7d6894b07a84b2fa22d3f1cf55c9c1c6fa01b3be2d4aca7af94849c4885

SHA512
75111c1f03e430b19c5593a83de6e64d2663d469b2a3568ebe8782d18fe253b931053b3c4282654e95802a34095776589d581ffdcf3fc8902eff7430bebdc3d9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads