078f1b622d7bec95464298affd30e9cf70ca964593d58f686671266cbb73d260

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.2MB
MD5

a39311f3585758d92cabd46333985bb8
SHA1

718ab1825924ceb6d218b3173dee8b877004bb3f
SHA256

078f1b622d7bec95464298affd30e9cf70ca964593d58f686671266cbb73d260
SHA512

af42d44c0cbf7520743946046cae1fb55274c357788ddc9750eafbc636f152f26bf574b84cb2ef3876502ea3ae2b707b0b2f655665dbdcda4ec157e1df241b57
SSDEEP

24576:HqDEvCTbMWu7rQYlBQcBiT6rprG8aLG2Sbly7TWEPje:HTvC/MTQYxsWR7aLG2dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	file.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2368	firefox.exe
Token: SeDebugPrivilege	2368	firefox.exe
Token: SeDebugPrivilege	2368	firefox.exe
Token: SeDebugPrivilege	2368	firefox.exe
Token: SeDebugPrivilege	2368	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2368	firefox.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe
2780	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2368	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 1920	2780	file.exe	86
PID 2780 wrote to memory of 1920	2780	file.exe	86
PID 1920 wrote to memory of 2368	1920	firefox.exe	88
PID 1920 wrote to memory of 2368	1920	firefox.exe	88
PID 1920 wrote to memory of 2368	1920	firefox.exe	88
PID 1920 wrote to memory of 2368	1920	firefox.exe	88
PID 1920 wrote to memory of 2368	1920	firefox.exe	88
PID 1920 wrote to memory of 2368	1920	firefox.exe	88
PID 1920 wrote to memory of 2368	1920	firefox.exe	88
PID 1920 wrote to memory of 2368	1920	firefox.exe	88
PID 1920 wrote to memory of 2368	1920	firefox.exe	88
PID 1920 wrote to memory of 2368	1920	firefox.exe	88
PID 1920 wrote to memory of 2368	1920	firefox.exe	88
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 1832	2368	firefox.exe	89
PID 2368 wrote to memory of 5056	2368	firefox.exe	90
PID 2368 wrote to memory of 5056	2368	firefox.exe	90
PID 2368 wrote to memory of 5056	2368	firefox.exe	90
PID 2368 wrote to memory of 5056	2368	firefox.exe	90
PID 2368 wrote to memory of 5056	2368	firefox.exe	90
PID 2368 wrote to memory of 5056	2368	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2368
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ed116a0-861b-4892-b7e4-7b236e8aca72} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" gpu
      4⤵
      PID:1832
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60a36317-578b-445f-9d05-075f2c836b1a} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" socket
      4⤵
      PID:5056
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3252 -childID 1 -isForBrowser -prefsHandle 3260 -prefMapHandle 3256 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c3503db-7f83-45e0-918d-cbc99adaafa8} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
      4⤵
      PID:4788
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3616 -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3088 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc7b530c-1b4a-452e-b745-d94598fd7861} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
      4⤵
      PID:1636
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4216 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4576 -prefMapHandle 4572 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8466523c-7f72-4abb-b1f2-ceaa698847ad} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" utility
      4⤵
      Checks processor information in registry
      PID:2304
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5148 -childID 3 -isForBrowser -prefsHandle 5140 -prefMapHandle 5136 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7acf5f9-f99e-4640-82e7-9c52b3590a97} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
      4⤵
      PID:1864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 4 -isForBrowser -prefsHandle 5320 -prefMapHandle 5328 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e9de9ce-34e1-48a6-81cb-21b3eb07dcaf} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
      4⤵
      PID:456
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 5 -isForBrowser -prefsHandle 5468 -prefMapHandle 5464 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95cbe1f3-a1db-4b0e-8b6b-ba72dba46da1} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" tab
      4⤵
      PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
c0a534ee1a0351a6e618f3a0c5c84ae0

SHA1
4b9f39d5f340d93312b800b31eb29d47c67bddb6

SHA256
07175c6bf8545c719109821076782e62635b78f47bc78e9e0cbb022499c4e1d3

SHA512
1fe9d293d7147265c643186b1ee2368075b858200abde74181388bc4fe3678e3dfbc34640643b78cf29ba32e3128dba54c710bab788d071e55c3a4576b435bcb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
23b4e8708bc028c837654c009c9cb227

SHA1
9e93039dcbbe2e93d8d753765280bec251a42626

SHA256
a27ad7106f3e396123fdb4ba6c25a69a33d1ef7fc927c53f7be8f88efea0b23c

SHA512
e5ac200464640a49568ac5421816133da2cf7a929c158d36fa11021caba66132b2d03af1d7ea0d81d8a1ad5044226523d28fc071865fe443840a72305ed29041

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\AlternateServices.bin

Filesize
12KB

MD5
7c78e42fd809a9794b637b90f42e62dd

SHA1
2d845194e9c4c0e5933f9c8817a53aea941875c5

SHA256
d49d3d737fa64bc087fa938d21b6f8815885fdf3186ac6e54aa8a20899ed787f

SHA512
568892ee4f9ca69d8f104d9428ffe93a4c24ff1143983a8dbfc197cc2447bba058eb06f1cc08ffa5dbdd7dad36f41e1f3f4269fd871c0de9d0232ae99dba6504

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\AlternateServices.bin

Filesize
12KB

MD5
6ead5d105e4cb16586b4e9de9e33e0d5

SHA1
3b69b138ff0032c1046e0e52ed61f2119200ee00

SHA256
67ed4828835c9239b9b284cdd58105916fa9942aca034a080b2339317c93a8f5

SHA512
121ef35cb7349eb13020f18272590955a25d9d5509cbb4c98695e4f44c42667d6eab0e765137f4d2959a4e829185318731af9de796be5c757c65ee6bcb01eb7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c575768604dcd84bf12c2b206eca48c9

SHA1
925ba60bd5a86069c4647de4a313c9f80d22b716

SHA256
5ce618bdbdc3f4e44d55a8928d708aed60655915dada345f6932d16b1f9974da

SHA512
1cbe73a04d2dc57a3e1063ca9377830bd3de5246e6a88cbd747a082c80b309fa8a6b645aabcc057ea27447e21766efe00e8b9e6adad66d02447e0c979eb9f0e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
70dba1a6db1a879277027665a6e38f8b

SHA1
674a384b4afaa3749b5720a1d40ee11657b9b6dd

SHA256
b1eeb55b7496975ce066feab5844f4f93ecf6acc5d1d5ecdb525be924b237769

SHA512
3eb09ecffb3e126aa7c1988858015f9baff5a0da7568524a867427e619d3af2838332e45dedbdff90962c9037b0e6969aa75bd0d1a7da00a56aa152b73819dbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
32KB

MD5
8ffb87814fb45d42c0aa243c361c1814

SHA1
c95ba5bb5d2f0a3837a461f63ab5c981adea3a2e

SHA256
b3260966ce8e072e2b3eb59d6be5a1710d0e44debd4c303b86097acd9cd6ad4b

SHA512
728fd6dd48f157bb4c57305a9daaa41f07e7b6347e8741ec05488b769f85e7aa80fea5fffc909ea73ec5ec2471145e221da503efba5c23fef9661a79561a5122

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f828f5c67a819eeb836e48d75cc9ac03

SHA1
38483c93ecb22297dd92a5629091bd4003dff09a

SHA256
cb2ebf72b03039bad49309e1ef3f1e1d1e94826ecba1f2f1c80a9c5e65f38f8f

SHA512
56f94b838c744dde08c9239f4b5088b77445570d43725be0e26f9db7baa2af8da3bc97a37dd1c41eb28e2c40afc80c1f83783399e10fe63e33981f937d4244d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
fdd88082a1796f9bf25fc27a5eebb9ba

SHA1
e6b289b0a4cf3bf42d081cf041b829bc3435e83d

SHA256
bbacd0419b9f232ce220e8e981818113edf55daaa060af30eb99e0d78b548c97

SHA512
5187d535f8a6096aeb7d00f95d7af41a2ac5e345d6b60dafe7ddfebb53434842217dc53995c5db28a226eb6091d9c245dabfd63e82402d078b1cce16e5e48921

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\1e7f8eaa-d1d2-4182-b53e-2ad161a921f5

Filesize
982B

MD5
8c9e79b686664b6ef66e6d957857523e

SHA1
e571795189fcd535fc12095f379807e7b22ca614

SHA256
56878aeabcc1f419cf0172daff456baf950f2f1134d8b9f60636892681c50d1c

SHA512
44cf2ccf81641414564ffafb3a1d7811daf961b208ab8f26999a64e466800b07dd0eb83e720709fe759e6fdf717e747987295aa6f0364d4530787ccbceefc1cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\35101019-a0af-455e-9ae8-eadf7ed81f3a

Filesize
27KB

MD5
504cda74d70072de13b78e3e0e5ce144

SHA1
881e9bec9b7f03460c8a2516c534b2f388a87563

SHA256
4cb48761a2bac9672311fea0066a50467136940b8e21f59f7bd91bd80177e931

SHA512
b5446fbd5bd64de7116c61555186608de0271c1e25bd5826f1bfb88dd66f5ff990c52eb23a610ea60b1e8e29205023477ad7ca2491ea03c9f885881e07604066

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\f7366da2-a38c-4486-b8a0-0e1b5cff83e2

Filesize
671B

MD5
de007adc2785ca821b15031280e60a86

SHA1
b49d849b67819e4d245f587f55f28bae1f614c43

SHA256
5f3f1c75313022f06b09ee3e5b2b2d326fa390cf12fcf7480c50a7cfdad64a42

SHA512
3225fe47ffda9c0a53708c31c04ee34884914a40efa0dfffcee3b3111938377d6857ba12db839b50cbb961e85abef23a3559e35d4f5c32e6058bdc33d32b089a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs-1.js

Filesize
13KB

MD5
db250c5e225a7d9a4d94f8211b174921

SHA1
629375cf7729a80f09ae0e09a2eb996a06c9c13b

SHA256
aba09878fe594d6284eff59d50fbda93bdc03ce7477ff3635c3071c0f8f85c4e

SHA512
eef9401038938b6c1a85773ddb9080d0baa5d281a5d66fbf774a523726a48b73469bb4dd6290b8532a15f03ba803212a26f1fff6797f793b6a8f829446dfa0dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js

Filesize
8KB

MD5
09c6ebb781ac94ddeaec015cc7893206

SHA1
8e29887cb0bd9100c3d239cdd0ef7862c5a53a8a

SHA256
d3b38d01239afe6812eaccee4e64489e51e53f25908d4cf1c185685ed82d2c98

SHA512
e535e1c335f75e76151db4c68ae81078567769d67faf86de3d0eb0887e8c6594ecde0c981bd123d9b3829da87c2cc0d29c37486e78516e99d68dd574cbd7f2a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js

Filesize
11KB

MD5
82d6b0706c643ee7247a51f92b0dffe1

SHA1
5c3e82c28a089dc73541bf29e0088321645da06f

SHA256
76603c863325722097817389a8db55bedd44eda7fe2ce2671db7e50f8d533209

SHA512
a5f2aee0be984f78da049f0fba601f8260dcd2fc33b395a8386421c0e8109459abd3873ca5a85a17079c1495042d01a87fb5bce190ccf29ecc4ff973393b6d07

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads