28ecf3bb63c2e20ee4f4142672afdc3e7302924c36691634d9d86d3d059bdee3

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.2MB
MD5

22c9e47f612af8424c2e8f4c142f36e1
SHA1

6b61dbc7f05cbe753d8a803fda567c10441d5d06
SHA256

28ecf3bb63c2e20ee4f4142672afdc3e7302924c36691634d9d86d3d059bdee3
SHA512

60c89d22ddbf72dd28a43d88d85da932b0ac73a61de0239b308a87a991bc8983d8566122a1a690c61247febdfe609a54a1568fed05d583d9e60c8c1df27c16ca
SSDEEP

24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8aLX2Sbly7TWEPje:+TvC/MTQYxsWR7aLX2dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	file.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5072	firefox.exe
Token: SeDebugPrivilege	5072	firefox.exe
Token: SeDebugPrivilege	5072	firefox.exe
Token: SeDebugPrivilege	5072	firefox.exe
Token: SeDebugPrivilege	5072	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5072	firefox.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe
5052	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5072	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 2676	5052	file.exe	86
PID 5052 wrote to memory of 2676	5052	file.exe	86
PID 2676 wrote to memory of 5072	2676	firefox.exe	88
PID 2676 wrote to memory of 5072	2676	firefox.exe	88
PID 2676 wrote to memory of 5072	2676	firefox.exe	88
PID 2676 wrote to memory of 5072	2676	firefox.exe	88
PID 2676 wrote to memory of 5072	2676	firefox.exe	88
PID 2676 wrote to memory of 5072	2676	firefox.exe	88
PID 2676 wrote to memory of 5072	2676	firefox.exe	88
PID 2676 wrote to memory of 5072	2676	firefox.exe	88
PID 2676 wrote to memory of 5072	2676	firefox.exe	88
PID 2676 wrote to memory of 5072	2676	firefox.exe	88
PID 2676 wrote to memory of 5072	2676	firefox.exe	88
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 2452	5072	firefox.exe	89
PID 5072 wrote to memory of 4352	5072	firefox.exe	90
PID 5072 wrote to memory of 4352	5072	firefox.exe	90
PID 5072 wrote to memory of 4352	5072	firefox.exe	90
PID 5072 wrote to memory of 4352	5072	firefox.exe	90
PID 5072 wrote to memory of 4352	5072	firefox.exe	90
PID 5072 wrote to memory of 4352	5072	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5072
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8823e4f4-7ecd-4c14-9b08-8ad380778b47} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" gpu
      4⤵
      PID:2452
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e405e2a9-dba0-4ef0-9153-6b483c76de6d} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" socket
      4⤵
      PID:4352
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2836 -childID 1 -isForBrowser -prefsHandle 1472 -prefMapHandle 2912 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d633ea92-8a46-436b-b9ea-30239f64e797} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" tab
      4⤵
      PID:2040
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3896 -childID 2 -isForBrowser -prefsHandle 3888 -prefMapHandle 3884 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c96e4d2-b31d-4440-a942-d1dbef3a6930} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" tab
      4⤵
      PID:1316
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4848 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4768 -prefMapHandle 4764 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4651e3c-cd8a-44be-8b80-9d75a4833da7} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" utility
      4⤵
      Checks processor information in registry
      PID:2340
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5216 -childID 3 -isForBrowser -prefsHandle 5448 -prefMapHandle 5444 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17ced28d-4353-4553-90a4-6d64390c197a} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" tab
      4⤵
      PID:4016
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 4 -isForBrowser -prefsHandle 5600 -prefMapHandle 5528 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8e4c9b8-bb46-44d0-a00a-7a52f23aed22} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" tab
      4⤵
      PID:4956
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 5 -isForBrowser -prefsHandle 5736 -prefMapHandle 5740 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {940250af-1a18-4eb1-8a9c-125b057da4d4} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" tab
      4⤵
      PID:4336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
95e1fc17402259ffe17f5874f3194707

SHA1
e61f24bee99516e2e592dfd0179d9cf300ce0361

SHA256
a48714ec8598032d600b72f49a103b825d95a35943dc5f40c7e4a8b6b995e652

SHA512
71dd2a623d8ceded2b5783934efabc1591e1b3dd99ffefe8eaf26627a5da00be15a1a15781b520518a85a37319870d0a0e55adceb1d1026fdc9f4e3b1caf1f82

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
65bf727b723095021ef07b23bff4bd58

SHA1
8722e4999b77375a6878eebfdd872ef66b41657b

SHA256
4a96b66b7e756c049a540aab1369848e697e63f98e58f7e94837937ad8265d6a

SHA512
eb573d1f8d43be5d3627f867ee4846244219b0f4be4b050cd0f8864d61eb7ebf3cc2e34170abb95bb6b51cf28021e76fd141285f270d91a6c516aac1eab9366e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
17KB

MD5
5682a729343639c3325b780e3041bfa4

SHA1
3673cc6c4846cd0992bacc4634afcad9c9e0fe77

SHA256
fbc9a1abec92b803c78767f5d4e565ce87afb5d86c9c5e9328b1c7976a4b7449

SHA512
7372f3f12f8a790984253451faf30517b0dd3e9ed48310202e4a5cd25f4d9a30877c7072d99d03eac9a48a72777fde579dd975fbf5adfbcd3abb84bcff3841eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
8KB

MD5
57f95d2fec60026a13de5aab2b3c83c6

SHA1
8e52f390982063521c8176005fc18b41128a9b5a

SHA256
826da2b02ad25f5779cfa6cddb9ae1fbefba615a99ca5e880c167cde136e4ddc

SHA512
67109866d41b64b4a9873d511574161115cebacf14303d316a5aa2ba54ee3dc312ca9575e7e87bd57ad4a92301c54822bb2a70637cdc66dd90e7b4c175fcd4d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
12KB

MD5
d18be449f9c7d20a7679c2cf6d8823ee

SHA1
f82dde4407a7fe79ec2de9c8ae88342ecbef5edb

SHA256
32d240f086b2baa7b66a330acbb997d67a2ea7022df8c1cd4faa39c7ca976ede

SHA512
ff76b6695491d6c366de8d900e0c04905964911e0e62fa2e0f3a85fe06827f441125ac81033dd35a2872d76d56251d5998a708669c4d0533272824b5faf86257

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a4ce6e6b38ca6733a83d5d2d28d445fc

SHA1
02b615df2a431b8cbcab78d1565dc7b3e31c0ab3

SHA256
81b1928fa4ed9530294471cb7ac9880c7cf60e56389e8429bffac8916cecf550

SHA512
f6ee21ba281452d59c1dd85865706de59cfa36d45448b6a407860b4ee33bdd6829204387b1c10a2c6065c01266b9a1711c9f484f2a8fb0f9dd62b247489247c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
d2dbdd27e2e94278446a6fb203a2b847

SHA1
90a431d981f7ef32b7997301bccee9c1c85cfe3d

SHA256
85bd8182f5ccece17a6844145fdf6b6a9bed64fe6ca4051225dab12a4824ad79

SHA512
aea096a63c5cd6e61d449d4282a8ea8ec8c3e3677738830c8ae2e9a4011dfd89e384cfceaec434ee3202510f587f53779753ca6dd553c9cd2b92eff5e3df2123

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b16454b3e061ea6238360e16e4f7a39c

SHA1
06080378d6ba70400af65b328aa90898469b0854

SHA256
62398df5c40d1e398329e1dbcf416b80f1114d354b07c2330a30450f29db3b56

SHA512
7fb613458075cffe27adedaf917264aa6a3e82cdfea9bb6935d707b6c27707cf26f9e167e074855f38c0d05e32d21fcbb488ce5a8ffa63c9bd47f9e95fd1d5b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6110c56fe09506eb4d27a2cfc63a8a97

SHA1
6f66b50d0807ed7b05063e7e46f93a0f367534bf

SHA256
48640425d87822294081544fb8a138fd8e6ddfec50c5e958ad9eb4fd694780af

SHA512
70d222a5e223bb02635682aa031865df3fbac24f59d566995e8bcd5b0b0d10244d02e8c0c0d893dfc00cbfdaee2bcccacad341f583ce47178946f1a1f7f42c6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
dd54a8c61c6f7b26406b04f1007ed9d7

SHA1
10050337a281ae53ba2712c9e052cfbcf9e3bfbb

SHA256
05ead07cf727a14cf20cb3af886c4ccafce4c0a69ee3a5d7353b4ecfb0661e34

SHA512
708c3c54bdbedfc31043fe9f5c8b46366e7d20cebb5c0830196d301155a397e06585c16c5f589f0a4a8b890ab189b1f16e96f441c216853476db522c5f37a2c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\11523bf1-1744-488d-9784-858f5c80dab6

Filesize
671B

MD5
c7cab574b18d77c10b6d2d5751bc3ac6

SHA1
18b41c9156e3527b76305bc089bee15df4d91fd1

SHA256
85a88f8c9564a26920a68a4518feb224e3af3c341aa0bc893a48b8aa9a014157

SHA512
85408385caeb2f67064a7190a8bc58278f6fe0b74722b4e5355362c7d1813dd5102fd6021cfec0f627ac392bb3c716da1754e261ba49763b1d66b104d2325684

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\b843f059-e86b-41cc-a8cf-ab2064ea5e06

Filesize
25KB

MD5
3a812b0edd24a1a31dd9f197b80ed50f

SHA1
392d9681ca8805bc57ce615b9dff5bf6528dc759

SHA256
ab60e270b91ce4f9c209e7fb8bd97321570f9de61b27ce4d2a1525737e19b1ee

SHA512
80a0e7e27af9e91120a2bc1ba634a65cc1b5c6df1c783c5921c13225eea7d862fa6c99aa954475bf0b92a48db5cc4b6e6e0606572e1858289fd4b5916ab4c414

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
12KB

MD5
06b162b1d75f9841a2ede363a620f0ec

SHA1
7953fe3e501b8a3c04f45c38b769a43768eeeaab

SHA256
070e8710bea8a1c59d98349f10abbf468e938f28e8b341914693de1ee199356f

SHA512
8e4bc47aa7d198a611f5b869fa7382acd73228d137edcdf6001f8ad4d58443953cee4f8b0346c6943319c394c5eab4a10043bc837ab7b141f66212257edc5655

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
16KB

MD5
24e0264054d38a695acccf052c438d52

SHA1
227132e9986325ac73dde5421a5abf86c1bff347

SHA256
7117a56a6cff4fa8c4674ce8f736d316bf8641195889eda4507249b3b55d2f09

SHA512
65e7119a3b34cc25afe874fc126952567b25e8adbefe222dddbc431272c295783638b75951e09236bdbc2efc8855d35348be1c964732c76380e02d7bb44e0fe7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
11KB

MD5
ed5a44451c6b76e4249524c689c57a0f

SHA1
cd4d626102f721b7b5ddebb64ca2ac50413a15cf

SHA256
9271336b36cee87ef27e9034e55e492c2ccc98ca79e7fe30a633eae816b3f1fc

SHA512
3f0dea79770a3dc0b58bedc3255643f4cd689a72ffac076460a422713621d775937deb2584d783beacd4cd8d1c62dfedcccad2b8010e5d065d78405d6afa203a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
8KB

MD5
152b0b790cdb136ab9dbd45c715a56f7

SHA1
82b32b1a1d0da8bc2419b1849e9465082edbd933

SHA256
c3f4cc254aa7a2eba46c203232ed1c368c8c6cb59de3646e2e464a625eac02cd

SHA512
fe6f54955d356f8591f5a22e3111d341617e8c73aa362fea97da10e89a6276bd3bdc4c6ab731ca6a73ec5218bb6af987dfb7e5b0c623b8b776fb245ef7b984b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads