db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 20:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
Size

3.1MB
MD5

bdb1bee2949759faf18ac0a55f9144d2
SHA1

926f50fb62791de715e36a25e61cd54f61210ad9
SHA256

db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097
SHA512

51052f163afa3e7dd777ec556d61cd9455863d3f3ee07f06a8fbf7dfefb2cdc3cd578c7d4552bc6d8423bdc5b53b772ec9323a3ea397c430ace376d8b6effe40
SSDEEP

49152:SmxYvrqxV6yZsObYjqkR9/WZMWAIT8zpgUYI8PtMjTKc2QoCHL51TDMvf72Fqd7a:1xvyJr/WnZ4KQ8FMMQQn72Fqd7HWn

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe

AutoIT Executable 15 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/3068-3-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-378-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-388-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-399-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-400-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-627-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-814-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-1124-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-1428-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-1941-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-2299-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-2791-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-3371-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-3372-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe
behavioral1/memory/3068-3375-0x00000000004A0000-0x0000000000F93000-memory.dmp	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs

pid	Process
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1504	firefox.exe
Token: SeDebugPrivilege	1504	firefox.exe
Token: SeDebugPrivilege	1504	firefox.exe
Token: SeDebugPrivilege	1504	firefox.exe
Token: SeDebugPrivilege	1504	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
1504	firefox.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
1504	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 4924	3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe	89
PID 3068 wrote to memory of 4924	3068	db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe	89
PID 4924 wrote to memory of 1504	4924	firefox.exe	91
PID 4924 wrote to memory of 1504	4924	firefox.exe	91
PID 4924 wrote to memory of 1504	4924	firefox.exe	91
PID 4924 wrote to memory of 1504	4924	firefox.exe	91
PID 4924 wrote to memory of 1504	4924	firefox.exe	91
PID 4924 wrote to memory of 1504	4924	firefox.exe	91
PID 4924 wrote to memory of 1504	4924	firefox.exe	91
PID 4924 wrote to memory of 1504	4924	firefox.exe	91
PID 4924 wrote to memory of 1504	4924	firefox.exe	91
PID 4924 wrote to memory of 1504	4924	firefox.exe	91
PID 4924 wrote to memory of 1504	4924	firefox.exe	91
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 3748	1504	firefox.exe	93
PID 1504 wrote to memory of 4776	1504	firefox.exe	95
PID 1504 wrote to memory of 4776	1504	firefox.exe	95
PID 1504 wrote to memory of 4776	1504	firefox.exe	95
PID 1504 wrote to memory of 4776	1504	firefox.exe	95
PID 1504 wrote to memory of 4776	1504	firefox.exe	95
PID 1504 wrote to memory of 4776	1504	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe
"C:\Users\Admin\AppData\Local\Temp\db7417b64dd084d1bef7c057e6334011e112e58aec81b70d161360fc317dc097.exe"
1⤵
- Checks computer location settings
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1504
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1900 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd40c78b-e03b-4ff4-bead-a2325866bace} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" gpu
      4⤵
      PID:3748
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96fd5043-1d30-461b-8dd2-a65cdcaae1f1} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" socket
      4⤵
      PID:4776
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3024 -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 3464 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {692ca369-e4d8-49bd-a0fc-1dd1acbbbd52} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" tab
      4⤵
      PID:3540
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2752 -childID 2 -isForBrowser -prefsHandle 4208 -prefMapHandle 4204 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81c8d5b1-f229-4ca5-bf66-b350a612ccfb} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" tab
      4⤵
      PID:4256
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4800 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4756 -prefMapHandle 4788 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3863bff4-0f1b-41dd-be9e-203bb3b7b0b0} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" utility
      4⤵
      Checks processor information in registry
      PID:860
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5064 -childID 3 -isForBrowser -prefsHandle 5056 -prefMapHandle 5048 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72d2706c-66a9-45e2-af0c-da8bd6a9a896} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" tab
      4⤵
      PID:5724
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 4 -isForBrowser -prefsHandle 5340 -prefMapHandle 5348 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70796985-a711-498c-8a5b-8a1e65bd3a25} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" tab
      4⤵
      PID:5800
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 5 -isForBrowser -prefsHandle 5452 -prefMapHandle 5456 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {444e2ba0-6d04-49eb-b3fb-95fa350cdb0b} 1504 "\\.\pipe\gecko-crash-server-pipe.1504" tab
      4⤵
      PID:5832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cs2motb.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
48665dee6d1c7f53cbe177b49f5ba1ac

SHA1
624093b46cec16d4d2945ad272e5766109c819ef

SHA256
985bb78290b4a04419ba82884ab7608737dd4c1cbb7511c6df93cb97d59631c6

SHA512
b2cec5e9e23ddeec6dbc9edd846f2bb316ca7c239131a18a4b4f42bace29866295609fa488c2905bf55513435373ccabb30fc487ba731919c299a6367990e8ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\AlternateServices.bin

Filesize
7KB

MD5
2751b69c4d320dea5167a3217a3a8875

SHA1
e72ec5db4132a8347389716757b0dfaac7ace99e

SHA256
1c4ac33a28bcfff92d354e2205f73792f46d167c5954a2dae166134f48e68964

SHA512
5a5dfdd0c8e01a67c09c3d3c734461dfa59517b464fbe13e5c2010c44f20b3c3e42d2182bfe9eb162e9e0024ba756ac7fac2a0add1c1ab7453d568b62ed1990a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\AlternateServices.bin

Filesize
16KB

MD5
f9d153834bcc2aed3da0429d3e288483

SHA1
fd0f3cda3cec64ee92f0349a89eae3c6d4b4abec

SHA256
481043aef2dca348a6f217eddb0f2cd52b8ce178cc41a9032331b6493ed8e90f

SHA512
2035d6197ae64a4aa256cc94c63e7f318c76493efb44cbfa2b45369f089dc18292e995a6ea03eeaa65feb92ccf1802e6079ea18eac88f326bbc718f681ab0c4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
45da0245fdf573f7d6ca28454a2367f6

SHA1
844df805fbd36530b23b686092f8b3e03cbb1635

SHA256
852b8db56b40ea8bdcc1a6fc89e9b87e2876f8188042f3908a6b1b8f65b23546

SHA512
d921653c4e5821abb2efd422b24a0cf9ea8d1d06bf05b75be1e14973cd4a67d3851794520ce4b4d1554331f8470f64dc41c19e442d0f969e819b45815ce580f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
35KB

MD5
3733843e99f89e87089a9f3debf58437

SHA1
6eb5dbb8b37673f182117f03f2975016e1a2f22a

SHA256
b0977fa708aaba7e03542a3d3924ce4d0311d2eec5eb49cae3fc9a330a890bcf

SHA512
5ed35339ceafdf6ad7841c1e16f28ae3d74c1519f9eb54e0a6c5ff8e908bdde73b02053df301db55da125fe79140297577551955f1c62cbadd114e367a2a6631

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1330ea3365bedacf3cce4b51423f6ba1

SHA1
3ba03ada1b2418ecb2b6c4497e7eff69ddd72b46

SHA256
7a1cd548c74137f1dbea84d7322dea38a38841c959809da67f0e9e89188e9604

SHA512
04fb2e06034c0066c903dada10c4653779aff52922bdefc39925fd8bf95746e1e51b8057ec259fe7e44000e3a4a6c23e1e2c18d5f13cd4d9003480d9b4f4be4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\528b1559-173f-4ae6-aad4-d888e6a0eb7f

Filesize
982B

MD5
dcf579b1f5009785a8ac90fb08fb03be

SHA1
2903f99292b71cb73f06e4cd143525c8135daf2d

SHA256
f4201621ea63d898cdcc54cf6978bfad8891f51ec0d2114024fb8d894f4177d4

SHA512
3a5c5fcddd50fd73039ddf49d7354f71848f9df6176a38e66a3a2e2694251ccc0d527e76b7cb5dd55d085b701690041d9d2bc550b9c6441e1ed55a7887a1f1ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\80cca1e5-468e-41b2-a094-764e22f652a9

Filesize
24KB

MD5
4cc2862c23c26f4aa55f684a1a12e8e2

SHA1
913814c869747da443ca9f4326a4b84fa7b530e5

SHA256
75e3803d3a8c16ab0dd2ab206b9b72f0b5f18a6484979724d6ecec3632c97051

SHA512
a59fd23713c553b3c0aae98462bbfbd651ba91d5eb0dac9ef92d4b8d7ee3da0531a9e03e73087ea8706e6c8232a5a3d0cc9bda3d813338401d2ffcadd0c64293

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\919329b1-7518-43fd-98e9-7d2e05e46cc9

Filesize
671B

MD5
c819b55b8f4926c5404965c10f490997

SHA1
86d21e6cae0b380367865f6fd412bca0b9c50c6b

SHA256
44c7dcf3109933b66feab5671813a98b6d369a84cf0d669909c8bf5aea1da56e

SHA512
4ed3814e95de6b234c44d253dbef259df9f42f009078a3d966e11627ad04f9f79004a18114119a325f76989f21b652f136411009deaeb1b8903861fe4f2a40ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs-1.js

Filesize
11KB

MD5
2ca30d70ac558cd6951068fdc7e64338

SHA1
40a1414acdf3ff835f06521bfa6f8b2a9e7e706a

SHA256
db2b26f3acea13cd408633f7ec62291ed0ce3b5ad754f6c6f5e069d96dd49c09

SHA512
8a35ad1e66c5e8829855621e0a7b79b66bf1eaef81c7275aa8bafffda708a4ce7a10537fbeae7a0a67ea4ed00fc58af49c54218d56a2610888403a4f6060cbeb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs-1.js

Filesize
12KB

MD5
e2802cc3cbcbdba8abe69c7d712d3cdb

SHA1
bdf7ce4914b49483f14cb36849f5b15e10215194

SHA256
b899b8bed596495affcf0b8235ca522025862e5af5e56a002a578d06b5327279

SHA512
646c3bb9b1dc151b1024cba69827714dd135da379084b8ef1e2bb102dad6563069cfe35d758031009f442971e6bedbc470114d2c6c912d502bc6a589b2bb3a58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs.js

Filesize
8KB

MD5
72c425ad83e44ba9b36a0eef0a866ee7

SHA1
4ade229e81032eca5f9d6f76454488f1d3b283b2

SHA256
9cc4425494e1620c6539afd88423a12058189d49197a02280a0adebf4f261c0d

SHA512
b5c66395b8956665a57343828f0f6fa59b56cb287deee87fc8ef8d5a2400bda7ab9f56fb017eea349ff043f0f9b5893b1250d828b5869d1e8eaddf565f2ce03a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs.js

Filesize
11KB

MD5
ed3a06be0a21dc721bef828d155b5ccc

SHA1
42ba55ea1d041cab44b58cf34be025dca283f368

SHA256
53c0fd505796f33476b80df2420b11b82dc56adc00bc51dc0306a59d56a7a6eb

SHA512
8398af1f05d92b7f59b857196348699a200c21a9ffda6d5fcc5077e459637b962a3554c7c4fc9b9c9cee83e16f034ece4e66a4675aa31eb0b82a01a42c6b6695

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.2MB

MD5
704d2219cd1daf310be60333d297e727

SHA1
527dfbafeefc08f473a3a62f980d4a98878a7404

SHA256
e8d9119574e185e79ebdab0ac4e685702060cc392ac964aacd096bbb489e7b6f

SHA512
fb6ab53c20cfd53d8f753783cf1ff88b2711a210e31263979a47bcd06fe6c1d369efed1b04586ee85ede5d5fa68480d85225275b15be58f6cfd49d97b3eaf6bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
efe96133d96e6ceb4db11f9c59953ea1

SHA1
f70edab95bed460ef1b38454986e152c4a505966

SHA256
043fec8a5c5cdca70fd8a8ba73267a0b046d0078ee84698b53e54d0810cfafc1

SHA512
f7de90a9aec7c8cf3962d6148322e682bc08db99698c454c26a399bc06961810fab127ca9f6af8cdb29b283d84cc038615432f68fda5059e2707c80bc2a3167a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
bce2405d99cf08bfc77193b1175a437b

SHA1
c444d9a8a452e9e5e2857029b379d0e9b77d3bfb

SHA256
3430a224522ae8746ca2daa467e8d66c48557810804adc3e6baac14ca715b19a

SHA512
87b093671bafd359bbacf4f5f93cfd61687d30d8046fc0083e864517f93fca334b2672bb15151fe05715bdc5a2e00bce3020d69d04a6498c6cd7960bb12f8691

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.6MB

MD5
4ee7781ca6f08c97cbaefd30ae91434e

SHA1
9b1acdd814fa0db3a0539c8aaf2b35b5174a64c3

SHA256
5d392344507ac0a7e5cadde31152555247495a096232bbc944727a3119e37114

SHA512
c64d2633c550d7877d3475a8f9409476b1784baec01a0a065d2fab61347153ef8ade0f6cbb6bd13aa563228a4a3213eb6f20ddb39fda8d3aed833a636c2ed6b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.6MB

MD5
371ee9007a80d735ad2e3ae02374eed6

SHA1
ca62077bf2df883fc7613aa0a973d429fd9b97f2

SHA256
633bff204be179588db6bccbd934d8e7ed5b7f63a510b9f77070c40e5ed1ac82

SHA512
424fb0a27e89dfc0edc76e840dcdb668d028c1ee273436ec827324e47bb0aa4e4021bf5dea62d5956249d47341dc08f8af3c2cb63053957e1f9b96f7033dc5ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.2MB

MD5
0b5a16d54a8c277bfd5aec8559e46178

SHA1
0fbd67dca953e084a4daabf8b7c81dbd7f9db668

SHA256
5753282e7252a5c5f4eda3685a01ff150987038804c91510eb8ba5edb0820c20

SHA512
eac976e752dc8bd258f937b5e3790cd66fa24161e162e9d2e24d6d9abc6fd873346ba0244e8c999031a4c65f727b50a843873b2572e81e19732a395d0b3c6821

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.9MB

MD5
7658125c5b20c8f556f1aed2248fd2c4

SHA1
9e07ef6de1d8eaac4ceb3895ee809e72f10728d4

SHA256
58bbb96259a4a3f5b7c3ceeeebfa548e541b185df5943af070699fbddac72b2b

SHA512
cc9737887a25297841b164b46f66711e810f4aeb67e368eb3d63f7b5f0eee9ab925079abd1ebfeade30cf1b6afcfb12849594f208475ab13de843f3d22b7fa3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.9MB

MD5
bbdf7e3d154ada96aaead8c2f9687079

SHA1
3812fd3422984139b6037ba7f5586e0347f62b5d

SHA256
f96544502c04d0f78b95806eca3497f0e6c8951c48943d6daa07ae9d5042d5d3

SHA512
5d1b273d9f0a5c73981062942a37261b8c94288867da6bb7727f174f55f77cfeb39ee601049fb3f98954a0bdfb4961ab466de7865c28e0284c6d205db1f3b148

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.9MB

MD5
48a82758957edd523ca09a75b05d8f86

SHA1
c7e087e76a6403d10709dc7406c9589f7bf0626e

SHA256
5262e390c89cce8749e25d2e2c9c9fb3c832358883349f7fcce022d08bde58c0

SHA512
f0bf3b19bf03051c7160ff2c994fecb47f3d74ea5894f0e978a24e0cef18d2bbea47f2b07aaf5f02285f134d2390eb6b9f200fa2b355a31c015f37d9273b65c9

Download Submit
memory/3068-627-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-401-0x00000000FF940000-0x00000000FFD11000-memory.dmp

Filesize
3.8MB

Download
memory/3068-400-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-399-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-388-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-0-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-814-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-1124-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-378-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-3-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-2-0x0000000077002000-0x0000000077003000-memory.dmp

Filesize
4KB

Download
memory/3068-1428-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-1-0x00000000FF940000-0x00000000FFD11000-memory.dmp

Filesize
3.8MB

Download
memory/3068-1941-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-2299-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-2791-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-3371-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-3372-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download
memory/3068-3375-0x00000000004A0000-0x0000000000F93000-memory.dmp

Filesize
10.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads