62b5b17177eec7f8ca3b89f19e22d6576a9965618e5a62cd50b47b77c64ad8a9

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.2MB
MD5

6a8d9f510bc3ccf1b81aa4c89d469710
SHA1

715f2f4c3063135bbc9ba8ea75a3180d4b989e7c
SHA256

62b5b17177eec7f8ca3b89f19e22d6576a9965618e5a62cd50b47b77c64ad8a9
SHA512

2416b4fa236dad86be71558d6c9615855205ba26ee00dc306043e69ff9a3e03061ed25ac4bcbf7af2cab9302ad52228f6aafc374f3e44857ea5f1742ea741edc
SSDEEP

24576:uqDEvCTbMWu7rQYlBQcBiT6rprG8aLK2Sbly7TWEPje:uTvC/MTQYxsWR7aLK2dW

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	file.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	560	firefox.exe
Token: SeDebugPrivilege	560	firefox.exe
Token: SeDebugPrivilege	560	firefox.exe
Token: SeDebugPrivilege	560	firefox.exe
Token: SeDebugPrivilege	560	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe
3188	file.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
560	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3188 wrote to memory of 1140	3188	file.exe	94
PID 3188 wrote to memory of 1140	3188	file.exe	94
PID 1140 wrote to memory of 560	1140	firefox.exe	96
PID 1140 wrote to memory of 560	1140	firefox.exe	96
PID 1140 wrote to memory of 560	1140	firefox.exe	96
PID 1140 wrote to memory of 560	1140	firefox.exe	96
PID 1140 wrote to memory of 560	1140	firefox.exe	96
PID 1140 wrote to memory of 560	1140	firefox.exe	96
PID 1140 wrote to memory of 560	1140	firefox.exe	96
PID 1140 wrote to memory of 560	1140	firefox.exe	96
PID 1140 wrote to memory of 560	1140	firefox.exe	96
PID 1140 wrote to memory of 560	1140	firefox.exe	96
PID 1140 wrote to memory of 560	1140	firefox.exe	96
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2012	560	firefox.exe	97
PID 560 wrote to memory of 2088	560	firefox.exe	98
PID 560 wrote to memory of 2088	560	firefox.exe	98
PID 560 wrote to memory of 2088	560	firefox.exe	98
PID 560 wrote to memory of 2088	560	firefox.exe	98
PID 560 wrote to memory of 2088	560	firefox.exe	98
PID 560 wrote to memory of 2088	560	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:560
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91fa674c-4ac8-4b2b-9c19-be87b60f0f2f} 560 "\\.\pipe\gecko-crash-server-pipe.560" gpu
      4⤵
      PID:2012
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2428 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f7f7175-22fe-41d0-9571-0af7b014ddcd} 560 "\\.\pipe\gecko-crash-server-pipe.560" socket
      4⤵
      PID:2088
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3020 -childID 1 -isForBrowser -prefsHandle 3088 -prefMapHandle 2928 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c3d3278-55c1-4c53-9c8a-7989f1390a1f} 560 "\\.\pipe\gecko-crash-server-pipe.560" tab
      4⤵
      PID:1700
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4100 -childID 2 -isForBrowser -prefsHandle 4124 -prefMapHandle 4120 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {103851c2-207c-4472-8c48-f3a2a9007eb1} 560 "\\.\pipe\gecko-crash-server-pipe.560" tab
      4⤵
      PID:3516
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4884 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 31165 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7d72b93-88df-4883-8a41-8f5e702c2401} 560 "\\.\pipe\gecko-crash-server-pipe.560" utility
      4⤵
      Checks processor information in registry
      PID:1272
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 3 -isForBrowser -prefsHandle 1620 -prefMapHandle 5328 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1232dbc3-47b6-4761-9452-01e1c3a42ed7} 560 "\\.\pipe\gecko-crash-server-pipe.560" tab
      4⤵
      PID:5984
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 4 -isForBrowser -prefsHandle 5440 -prefMapHandle 5444 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {868ad4f5-ae83-4f9b-8983-28a3c7a8a5e3} 560 "\\.\pipe\gecko-crash-server-pipe.560" tab
      4⤵
      PID:6000
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 5 -isForBrowser -prefsHandle 5784 -prefMapHandle 5780 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b69974a1-e6d2-4a2f-ae08-c8dbacb128b1} 560 "\\.\pipe\gecko-crash-server-pipe.560" tab
      4⤵
      PID:6024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
2a08ad168385476db1006c2100430ab5

SHA1
01dee2fb6d6e3792bdb643c10fec40a30924503a

SHA256
8866398e63c5492910264ca6a5675aee61ee0a5f7ddd547f4a0d145dadc3a070

SHA512
ccdc49800aee37e7f7be5b62299846678163362a1479636e99bd2231b15f80e19c06eaf53566293db0749ba1623fe6b67594c8b09d2ef8498492fb336af7a006

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
68f651962c68330a0c7e17c81d346500

SHA1
43bf667bd1491635327cdd899989c4337b690d51

SHA256
c272c4795fd1266bd1bc04b571010e6352b258242c24922e5d2d85c5f21ae028

SHA512
ebfa9f4c37baa55aa7fa0b5327c1c9f04abe23a391ff6edcdfe62a63fe3b774f391214259761a39479ea72f68e894f4ec9aa564dc504c2f27dd0fc89e306339e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\AlternateServices.bin

Filesize
11KB

MD5
37c18de17809bbbc2979092af57dc053

SHA1
ab2a4a43ab5fc695f19c380b0e7bc1bdb3ba7aaa

SHA256
ad9dac4a607c5e10fca775d97e003320b4d4d47c9aa3278796381dbffc0893a6

SHA512
c6ec1b45acb59eed08fc458501f1eb707ccfd003773616cff25b5bbdc6c86ae7fd5ec7ca41f8c0c586d20d37ededb2a787a57dd16b25c7cb0e34b334458658f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
83d256b586df3b4b2597e180c66798a7

SHA1
d7cd5019a497e9336a39c3a2a2731e10e40539d0

SHA256
69e18a2900c617e8bfe832533bc68aeb0c17d14e641135174b0c9b5aa3081940

SHA512
c3c8524632504dc61b17e61fa98ae48164ebdf6fda5bf2c2028d5db692f1e97ed1eaba4d73374bdef924ee8fc8eda851ae746512609a68af51d1c3530a3bc5c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4c6a49ef36d08fc66e288625c2a886e0

SHA1
3216d746740332d9aacc5f1664ec18e6ec4a11af

SHA256
75c79d61a1a871c770c2339733dd00b47c15b8ba6bd548b79830e30433c4489c

SHA512
88e69f11c1e97d4fa7176257c6bbe6cb3775ae2221edbeb9fae104a83eb14ab53bde548ac9e2d31d9e6f08b3dad344087e529415fb55a09272cba7107cbc79ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
812fc57e21ceab43d33ee4014573568a

SHA1
e1bb46790d47396e63f18eb11f4546b92d9bef5e

SHA256
27e4d0ec4071a4cdfe17716967d3777c2984d3f78f5f4aa4f62cad1184dd4acd

SHA512
7bf92b1dc3ed4dee19c714783dddb682743280decfb1e46333486fe7d0025c6ff62665fda492ff3d0698b52e4a696d00d9957fdc40ed1ad5adf408dc8a3b8e5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
79aac2dbccec54771b7737e090b8624c

SHA1
d6ad8e16698db5fa784704c94a99d284b8debaaa

SHA256
db1a99363ef243970b76d45a25622986d17835f641332bda693e16e49e77b39a

SHA512
d95db886944d9296a08b86c657bcde6bc55f7d15956ea203db38928eaebb90391a2bc30f4d446818dae180009e4411012de62e014a8eba08f707c443219b3461

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\122b9e95-09a9-4778-978a-5b0224cb6db1

Filesize
982B

MD5
eb926839cc02a44d1bd16365c2af236a

SHA1
4e8833088887fb65e7fc149e5cca3b3b307ca166

SHA256
981ff6251d447168e4c4d43e8ef15d535408e1cb4d57a5f31d180b6eced8cefb

SHA512
ace1afe9f65a4e0e9b99908cd39caf3e300b884922648092c632e8c8a708b58fc6b95fc92417d2e863371c160ad4795303a62e6ef7a0a063f33b76d13aff4c72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\50e90361-5728-46fd-b881-096230524526

Filesize
671B

MD5
18b6cd2a96fd3326c3e2f821d8293032

SHA1
9318f6acc5a50b4e3e4d69296175b32c34771608

SHA256
a093e4a4401771d800220e304278c2bf040b1daed7c249c9ad2f1a411ecc75f0

SHA512
68b97b37478cb481453d58a1f3dda50f83ceebea441d5a769f8d4ec7330a3d1e7aa1a59861eb46f2371e95393ea2b6ab6320262bceaf8cfc53fdbabdfba4a964

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\f446d899-e407-4e1c-820e-d479ed66a366

Filesize
24KB

MD5
5bd8ff17f1c2483b49412e0ac9ae8a98

SHA1
74eef90ce93e7624110130ee81bef8b991eefed6

SHA256
fbc462cc03da3f917ef458d1e5e0cc964e2c4c70a8db50cef54309255cfcd532

SHA512
d25206c751a02ba152c63dd978ce32b9ef0e5438c7bb62340490b3720036361ece13e79b729517dae9ca9cfa5314bf59797b4be85d86e69eef6ffe37c0a4b742

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
12KB

MD5
df93ec2ff1f01b1c585e479072f2c498

SHA1
2d254fe982c8ba1ec686ed9e2f09dfd1aa0a9fa5

SHA256
a655f564b51d8ae2ef4de8a627769b8148899bdc06759388ae75910f40024ed9

SHA512
21072cbfedaf14b83db253bdbe5773c82d08816720c7f985a7c748abd12d6bb94cc84b955a6642b1b280daa99b6b4b393245d16fe2d56b1c5c439032d6d85fd3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
11KB

MD5
ab43ea6dcd4edac39df4ba49ec04b57c

SHA1
8875af289f490d25edf8cdc36df1c5bb11bb8658

SHA256
cbaef8422a26c5a5531d3b852b669aa4ed02592a31b3e08c674e04acca5af648

SHA512
5bb5bfeb9182483fbfa3d23fe07077efc544100518e8329e58bd99fb590464a344a134d69868549e78b14741260ddbe337c504e2effd2379491b692b1505fefe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs.js

Filesize
8KB

MD5
ef61164f6f4ffd0f9c1f090471b1fd3e

SHA1
213996da03368e8e385a162bf94ecae878175c63

SHA256
d1232bff5fed198839711bdf9efcc2a5e66cc93a7a92a13f43a8d5c48580ec1d

SHA512
0f49da922620286a5ce556f52ca149ebc53793b5cb868aa9de8a0671f68a9d80706b2165aa4cdb7495388b59d063fc0ee6d4d8f799fa515fbeb12914384f542e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads