99dae2aadc1b67e88fb4122f7df5781557ec5f7857931fa57539621bf9090b0c

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.2MB
MD5

3c9a07c054e1a4e29475a82c2a1792b2
SHA1

359f7951580f7ee627f7853752ba7a9b83aa6fd2
SHA256

99dae2aadc1b67e88fb4122f7df5781557ec5f7857931fa57539621bf9090b0c
SHA512

3fc45a7fa6d694c5bc47dd442a7b5829a4ac4252c67e3e9db83fe3a66825fab0c80b28e75ca76cfabbb43dc94a84fb0ea377939094acc8ba51fe5d3293ef4052
SSDEEP

24576:7qDEvCTbMWu7rQYlBQcBiT6rprG8aLu2Sbly7TWEPje:7TvC/MTQYxsWR7aLu2dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	file.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4220	firefox.exe
Token: SeDebugPrivilege	4220	firefox.exe
Token: SeDebugPrivilege	4220	firefox.exe
Token: SeDebugPrivilege	4220	firefox.exe
Token: SeDebugPrivilege	4220	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe
4504	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4220	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 1240	4504	file.exe	91
PID 4504 wrote to memory of 1240	4504	file.exe	91
PID 1240 wrote to memory of 4220	1240	firefox.exe	93
PID 1240 wrote to memory of 4220	1240	firefox.exe	93
PID 1240 wrote to memory of 4220	1240	firefox.exe	93
PID 1240 wrote to memory of 4220	1240	firefox.exe	93
PID 1240 wrote to memory of 4220	1240	firefox.exe	93
PID 1240 wrote to memory of 4220	1240	firefox.exe	93
PID 1240 wrote to memory of 4220	1240	firefox.exe	93
PID 1240 wrote to memory of 4220	1240	firefox.exe	93
PID 1240 wrote to memory of 4220	1240	firefox.exe	93
PID 1240 wrote to memory of 4220	1240	firefox.exe	93
PID 1240 wrote to memory of 4220	1240	firefox.exe	93
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 2924	4220	firefox.exe	94
PID 4220 wrote to memory of 1356	4220	firefox.exe	95
PID 4220 wrote to memory of 1356	4220	firefox.exe	95
PID 4220 wrote to memory of 1356	4220	firefox.exe	95
PID 4220 wrote to memory of 1356	4220	firefox.exe	95
PID 4220 wrote to memory of 1356	4220	firefox.exe	95
PID 4220 wrote to memory of 1356	4220	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4220
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67176089-55c2-41f9-8b6a-c625e5d43051} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" gpu
      4⤵
      PID:2924
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d495717-3f9d-4dac-bff3-cc5ff46e810f} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" socket
      4⤵
      PID:1356
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 1692 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9081666-3ede-462a-b9f7-17e51c7322ae} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
      4⤵
      PID:900
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3636 -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 2744 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bafb8a05-f763-466b-9ce4-bc2d294d0115} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
      4⤵
      PID:4920
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4664 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4716 -prefMapHandle 4712 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21c0d6eb-e8f7-4786-b98c-0c52b18a4380} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" utility
      4⤵
      Checks processor information in registry
      PID:5176
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 3 -isForBrowser -prefsHandle 5344 -prefMapHandle 5416 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a5b247e-d547-447a-b2dc-5fd344577ef5} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
      4⤵
      PID:5708
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 4 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13ff31dd-dfb9-4d06-aa0b-0dbb1919396a} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
      4⤵
      PID:5776
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 5 -isForBrowser -prefsHandle 5600 -prefMapHandle 5604 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dedb74f2-fba3-408b-ae12-f5fb37ed7b64} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
      4⤵
      PID:5788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
2da6433ce71bf2680f990b9b2257bd9d

SHA1
782ca7caed5e1f8650d1141a72ee0592486b90cf

SHA256
cecc85b5c9a1eb0ffeed4a49a85a42d0ba15cdd63219ff7c5bfc995f4b734381

SHA512
1c0f655bf761210be99a8ed59f53e97d7c5014523163bd60f6b5033d0b61012029b45ccc1a82cade74dc4774a3d6d37aa6f39c399e81669f2f4e3b4d1742db12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
80137e5b199a92ae770322b541a84340

SHA1
097510603da16958a9e4b519ac9105300464a0ec

SHA256
76f25e944e2c3baeafbdd090f39ddd13c7034bf63b4f2e98b66399c6a7e07d7f

SHA512
72a4751bda280dbc13d936c41b7b9b4947f2b4e29b02c456284885ac33af552b35dc9ab95d7d5e3958a1aaf673bee64910a3e0ddad108b35bb4e6f4cfbc30eac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\B68E3033124AEF93BD74E740FF3849EE78626BD5

Filesize
13KB

MD5
370d798fc6e5e7089bb41e7e7a5300d5

SHA1
ed8d5a28a7a8ef6158402e91e1db3c44283ca567

SHA256
9f0cc87961e707d3e3f5a1feb2a5485cab457951e207e87f0ebf395902d9e4ca

SHA512
6ebb0eb6d3e17ddadbf1ae447ba0d99d1a1ee1a3eb348f0fd7b1e699a94bc7e8f899235b53c9b46ad2528a41fd0450395168bb23705d9a66aaa74bf267065cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
12KB

MD5
5a87dd83252ad8a7c0d26ab13dcfffca

SHA1
2fdd550306a03f662eb3540b09ce3b3befdd1320

SHA256
41662a233e665b2218a5a258017375cb91d3beed71e92bb9db31446b87042e07

SHA512
5cf3ee3674b4e85f8753ec2501f3bb1368339460b8413e2f706b573fcc5e1f9bc2a6ad1f19f0db61f473cae8491786a9496b0408baf2c1a0f3bba326b79025fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
56339c579668b96754c1dd82747b9f27

SHA1
67f970e46d78301beed1b3ba1666171c71a304d8

SHA256
0d5e29a54b350e0e113d483538a3391b5621cce00c7b16f0d35c7b8ae03bea17

SHA512
273715aae5b0b84de02ab3e937526304c2ea8db93eeddc6bf571683eb23a5bfa149654eb1404939132f368265c3dcd0e6e8ee1c2dd6f456f2af7af594bc178a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
28a24ba8182cf5309085c9aa458d21b5

SHA1
43e9ed1bde36b68fa01dc691179cf0065ac0688c

SHA256
e23cd5a62c6d51d1bc65b0424a88bd182552aef5f20ab2ca7f776f8dd1a5f01a

SHA512
6831ee5bfe8e02ade1ba90bdc075f8c91b68e80592bce383494a23887386a2e460e34a9ed4163d26fbe675db2c411764886616115409279c4472e1e9a3b67835

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\43ad55a6-db85-43c5-9241-817eb93cd071

Filesize
982B

MD5
ea3524558e97d5eed2f1175239b00140

SHA1
cca3f5c999fc85161729a8f65b745aa42b284b22

SHA256
e9d829fe55dc785a152385d47fee4ae7fb5853c1740c943a0ab21599b529e475

SHA512
fab0803a2ccecef6830645319df656c71558ac185aa4be9c585bc0b487935a48346c5cb55d2d905573178c865dd4fa83f21e3b07b54930634a53b8d77828d787

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\483b258e-8379-469d-992d-2ca30ec0fe98

Filesize
25KB

MD5
7810bf95b7a02adaec5a59834c7fdf75

SHA1
0c3a58b5030c81cfd717d4055e8c9b229ede6ab1

SHA256
0da70c5adb2224bec6185f68397ed2746dc5183d04e36efd59f51787f534c63e

SHA512
e2e2a93cce04a4e4212eaaf2d83e5ff3748cd1c4d82b3e0a3323148122e8e6ef32619c400e71639cbc46569d3cc307749a9c2f0c8bf0a2a9fb6ff22be5cc2496

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\e39894dc-1f88-4a2c-b1ec-8e7037ba5be7

Filesize
671B

MD5
2d26a43f5bc1152f66fe8950e1a0e31a

SHA1
d4788b315e0a71ec516a20699e4f833cb399fdaa

SHA256
ddd4ac0a876b01f5751b1e2c5a708cc1397a8a821da6b74dda0732f5932a4d35

SHA512
f7c97d83722c0a1bc16265c0791f68b3f36afbc3fc46e0d538ac89b920a4def9f2116653ea06a3b5fe1802333c6bafd4d83766f38faf1b75b29c2cd2df7de128

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
13KB

MD5
7835d89bcacca0548d5080905a1c9a8c

SHA1
7064ab674fc68b2fea2a9415d74b0bea7b28c073

SHA256
d78f289c9e6edf2136ccf89ff6f0aff3dc68d797b9e834a9d1c374aa097a303e

SHA512
ace2e5362258856b633256841b658f63ff7b5728f28aeda1a4d57dc89dd3b18210f62ecd6505e5815fb4ffa68ba7a638d74f9dd647a3de3dde533b9c83c2a723

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
16KB

MD5
29ee2e2aa8727d876105980b6e562a5e

SHA1
b9b68aaa8c2617d6996649aab45c05d0779827bf

SHA256
f69fd1ca4f4726a9f1b228cf9198ccdabac63fcd308630a21b0bce4112ee1f6b

SHA512
9fd8d2e6a51f6330c618565ccd9454fe57af39a78e858f59b36ab9183869e42f630f13e5437da39e8e536d03c278be9862c879993295d11e5d250000b79fb0ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs.js

Filesize
16KB

MD5
99a8d3ed571d62b852fc3e1e3e124efc

SHA1
4a3ef676c5280bb728244a0e9c598bd0f056b075

SHA256
cbb66177b726a2589c4fb4a4f269e142774ede673e9e2fca2eb9b56b0bb48822

SHA512
f09686234dd64f238c25b343ccb3756091a76f68e19e5181aa22afa9117b1b3d174707e10ded377dc9dda5fd7028938dcf64e2f49d8ab906a3c5f38ce4c1eb44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
968KB

MD5
e08b684c5f94f6952b1ac1474d802c5f

SHA1
aba223a056bd64639c3e771c441b9f9f91ce8639

SHA256
c84308da5b334b0730c21c742dedb29a9e337c9939de1f5b65d22d98cddad704

SHA512
75dfc6fa90bb5e019d853a4722f412aadc2d14219aad07165db55a834b2d0e5f410d7a51598f205669244bbc94a372ef3523d24ba3cd83b00dd371efc7f84cf6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads