b2ffd93569c7eec760892eaa4e6fd1c2e783db89f550153d1123ac69c63483e7

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28/07/2024, 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

3.1MB
MD5

a6b9ba406e557a924fbff7546c9b8386
SHA1

cd4056df2d7b011e8f1e4d9683d122405a88835f
SHA256

b2ffd93569c7eec760892eaa4e6fd1c2e783db89f550153d1123ac69c63483e7
SHA512

215f58bcd44202a5a044b5c45da45095361cc13960b174b22df9c7805b4e1e609ddfb6c1f0b1db07891c6c79391aa8b2e2b64a48a8955cc81875c125cddf5c21
SSDEEP

49152:sFQWGTL4ZoT1gmH23VPEy0bFbbFcUYba1/hMi7Nc3MDUe0svL0CA/CKjsCI5J:sFjA1gmHmOv8a1Gi7NvvLfwsC+

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	file.exe

AutoIT Executable 15 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/5004-5-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-301-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-371-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-384-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-385-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-621-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-817-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-972-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-1390-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-2062-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-2465-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-2913-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-3284-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-3358-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe
behavioral2/memory/5004-3366-0x00000000000E0000-0x0000000000BD3000-memory.dmp	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs

pid	Process
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4024	firefox.exe
Token: SeDebugPrivilege	4024	firefox.exe
Token: SeDebugPrivilege	4024	firefox.exe
Token: SeDebugPrivilege	4024	firefox.exe
Token: SeDebugPrivilege	4024	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
5004	file.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
5004	file.exe
4024	firefox.exe
4024	firefox.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
5004	file.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
4024	firefox.exe
5004	file.exe
4024	firefox.exe
4024	firefox.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe
5004	file.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5004	file.exe
4024	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 416	5004	file.exe	90
PID 5004 wrote to memory of 416	5004	file.exe	90
PID 416 wrote to memory of 4024	416	firefox.exe	93
PID 416 wrote to memory of 4024	416	firefox.exe	93
PID 416 wrote to memory of 4024	416	firefox.exe	93
PID 416 wrote to memory of 4024	416	firefox.exe	93
PID 416 wrote to memory of 4024	416	firefox.exe	93
PID 416 wrote to memory of 4024	416	firefox.exe	93
PID 416 wrote to memory of 4024	416	firefox.exe	93
PID 416 wrote to memory of 4024	416	firefox.exe	93
PID 416 wrote to memory of 4024	416	firefox.exe	93
PID 416 wrote to memory of 4024	416	firefox.exe	93
PID 416 wrote to memory of 4024	416	firefox.exe	93
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 1864	4024	firefox.exe	94
PID 4024 wrote to memory of 4716	4024	firefox.exe	95
PID 4024 wrote to memory of 4716	4024	firefox.exe	95
PID 4024 wrote to memory of 4716	4024	firefox.exe	95
PID 4024 wrote to memory of 4716	4024	firefox.exe	95
PID 4024 wrote to memory of 4716	4024	firefox.exe	95
PID 4024 wrote to memory of 4716	4024	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Checks computer location settings
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4024
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1888 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc15cf2b-f93f-4da7-a773-849ba2a82172} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" gpu
      4⤵
      PID:1864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2580958-78e3-42a1-b15c-e1d1134061eb} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" socket
      4⤵
      PID:4716
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3244 -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 2996 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6e1170d-3f6a-426c-81ca-372723f9bbe6} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" tab
      4⤵
      PID:2308
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -childID 2 -isForBrowser -prefsHandle 4128 -prefMapHandle 4092 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f75ce56-fb3b-4348-a9db-b09bae7369f3} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" tab
      4⤵
      PID:3464
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4984 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5064 -prefMapHandle 5068 -prefsLen 29278 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {274c5904-b670-4ec5-a10c-badf0d2f4232} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" utility
      4⤵
      Checks processor information in registry
      PID:5928
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5016 -childID 3 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcb745c9-1b88-4ec0-8bcf-084bb55d4bf8} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" tab
      4⤵
      PID:5936
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5116 -childID 4 -isForBrowser -prefsHandle 5108 -prefMapHandle 5104 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2036a149-0027-49b3-b0e5-ce62081a08dd} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" tab
      4⤵
      PID:5992
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 5 -isForBrowser -prefsHandle 5376 -prefMapHandle 5276 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {122bf527-dfbf-4a46-b9fc-df80665bffe2} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" tab
      4⤵
      PID:6096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cs2motb.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
fc4b2861d5800e7885d344a0d45b3d5f

SHA1
c7767677ca9cbad61dc00646a2d74c321472aacf

SHA256
2ef42b9e10c46f60f38ccc19099d16997c18e8d43c0042feebd519b42bb8b956

SHA512
415c4d9fd82c3193c253f2c5a4a2d22d1b857a2552e45474612283cecd726b3747255aced08c8ba70b8684005ecdc640161448fca5024b86f98ff51651fed54b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cs2motb.default-release\cache2\doomed\26514

Filesize
9KB

MD5
52a2ba73bcb1632f457abe0061c55bfb

SHA1
cf9ccd315e5d44e0d837f3791c271003184e1136

SHA256
0cd0ec1891e5b9235a2df8e2f6da8ddf9b765f2072681a0a57158c430fe6ccf2

SHA512
00c76cbc3e98b466b485e02326e49362938ec16cefeb691a947978afe8ed88960a6db1a7d95d1702ec16e6816efcfbba5e16a26902438055ebd3a4b2acb647a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cs2motb.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
4072badefe9359e23dee8b7c981f0f4b

SHA1
ecb0fc29a287d1e141eb9accfc66626edb31267c

SHA256
cb25405ab5b385fa6d06ad187fb853b6a057582b954a070363ea7925420a0223

SHA512
046662077710df252325c81a26e8147c859562b5931058353cd6b5d0a50278b22a5496b8710012fb82c44d09eb8927b43be8837817888f98a38237b159093cef

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\AlternateServices.bin

Filesize
8KB

MD5
66b868c389627557a8a5959ab97485cc

SHA1
d12de534a5d7292182127dba9c8093b21376205d

SHA256
9b510edd6f3a7725d1d5c64854681ae5ec20eb34d2aadaa3cd5cfa9b53bdf09a

SHA512
83c173213513f0f5bd9ae7a0ff4e823aeb45b34441d7c3c35304b33664e29084f3a847d571fcf705c9543ac827f96295a4cda92e0f0915cf43b49d07df5b8372

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\AlternateServices.bin

Filesize
16KB

MD5
6b24a86acf29546e2a2eaa98bff8fbbc

SHA1
3d7ea06a766ad2d1fb39cc5fadec75f4f839a864

SHA256
29c0427ea22b7ac42ca8a4ac215b12ae62c025339bcd895c9507cc048d246323

SHA512
39fa8482f988a85a4bc8c4c934cc0dfaa4e60a511e418b5638c8aaae4ea3b75ccd1d9993b0a3ddc8448c2277903efd519f9c30f0fa90150dd79f651aa8f1137d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
583c0a284ae39c9c804151709a1b2ea6

SHA1
2d75e0abe966a7789a0abe36249556497d3ec767

SHA256
849e8d00b1618d8fbcb1ba28649a7c9e58f745acde80fa738002a981734e6322

SHA512
19fa635176c32098a7d6c20d46e0d226a0327dba7f649066f126230d7a5ee24e779d5870a05b2912c108b444c54c3af820ecb42a12cffd7a752fdc7f573b4d7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
698ce756c269f81c5162ed6e4dafcf1c

SHA1
b20c49274f02b90cb5c0e6e9740d2f6d0a6eb865

SHA256
f907eed7f3f413ec5f813264128cf09f4dba13c507a760e0165b92599f7517d1

SHA512
18a8515b573cbb400d115a9b936a989e46b830ff0905b4c4272526e45099a2ad2c16eb4273889b20312cd064461278847fe1f5c6b17947744d6a28215b216710

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\64d92942-916f-42ed-9220-b53e91d75358

Filesize
704B

MD5
b8232a87dc65dfb89323a075966f09df

SHA1
37d603ca192f7b6b48aef8dfd95656efc943c0df

SHA256
0743187a618fec3d41b174ac0179f7dd60b76e73f0c5cd9daa3da1a7a6906d22

SHA512
09d15a78419141e291db9d9916fc4b796491d7022011e8ae404748d8b9fd1fec64606086a041b0b2c23acfee37e5185d46c5f7da2d4eb317524ec48dc2c0eab6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\9875569e-a6b0-4c10-a653-42e117294f3e

Filesize
982B

MD5
ffabef3be747134369c0c84afc2bab8a

SHA1
0ec1d43d3878103ce788d30ae0cc56247279f531

SHA256
ad29631648ee4514b0faa57fd8702ae58bcdd6d8c0f3b64c314e955d8857b347

SHA512
9b46acf213a1480b3cd77e80f0e9fdd9f0a36bedf65fef953a57f071bd9411f461509923043445ba3ae67825d21827b0063fd492891a7ded17cd6785ac4f6414

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs-1.js

Filesize
13KB

MD5
f4a8eb6844c05e661a0046ca489d6544

SHA1
2ae9108bb5cc873d3f97438e84b6276f80e34f36

SHA256
50ddb9f609aefcc17322988cdb4716f565fffec53ede8a8d0d03523d05a8ff97

SHA512
47fc6e61ca9087c1ebc4fdf6348874ff6c33ae018b4fb4c3f678bd2edefc6179099f7c4830e6a35bea825fb6dc7c738935097fc007cdd674ca3ac15fc3356d35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs-1.js

Filesize
11KB

MD5
3c56a3e99aa1ceb707f54af167850b94

SHA1
6493b715fb38eb7f5812f96223780d7846d8c6d2

SHA256
23f06d7b4b967694cb90ad738b9ae455783cc1b0729b136c71b881fe34f54c16

SHA512
7aadc029603a28a8085cf31fd3e02ff65d39c50a981ddd4a6505e46ddd90009613ffb48dc5e2e22c543b1f0abc519ce9b37c488c540354a82b55b902e5632020

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs-1.js

Filesize
11KB

MD5
26d911d69c25b910b5795e739b962bd7

SHA1
17d51768e4ead40eef43693b1c2703fb494d04c2

SHA256
dd8b15b6f41bdb3b945c50239b66971310becdefa0b9acabc015d2dcbf265e04

SHA512
84742d0d72ac74edb0199c6a726e51ae19f03f6d3f1d2609a3faa9b9178a3f9f1c4a648ab00146d95ad94476c0f2838fe99045360a0132c797e10c99b6ba5844

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs.js

Filesize
8KB

MD5
79e2fad79cf8af7a7aa8af333e459966

SHA1
a4b7af1a13171b248811f15287a5944da5b4fa02

SHA256
f42cdc1ad71d642d0028cae8402c93daca5625f9626bb9536d4e8ce29ecb1529

SHA512
76719d812b277c1c812564d40e6f10ebd43046a392494b1c0c4541df0284a8e54bdff136f71a6af83ea0d2ba24eef3c7c7c126c8500b1d47083b88f37b8cbb08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
624KB

MD5
b4e8726ecf2e3b577a9316e65e303ce4

SHA1
3ce5b7cc241f6a557ad4f0daccb17640019665b0

SHA256
a9d4881d5230414174ddee9aa5f5c270221d0dfb222098a1e19b71deac7bb059

SHA512
940ab4c447ada59f5620d13e467edd741bdb5beb9450463fd1aa7a1f47355b23984dbf156235440acb183adc662c61a1084c84e9605ff08175b786b737780a79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.2MB

MD5
a25d3f74ace3c695127d38a8fb5ca5ef

SHA1
e522e70380437207cdba1d5f9e434a058f36abd1

SHA256
df30ed659ee701d378d2d544096260c8b6968235c686f5f6d9f391aaacba1f27

SHA512
5bf6a70a4ab6b27260efa9fdcfe49c0a86c048b0553ba60398ef93c390f066165622bdd971d21e505663e05a1b6f13dac6cd40b09a4fad84cca1eea886e2d7c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.2MB

MD5
cb48d4135d13be326ca731a47fb3d5dd

SHA1
417deb1c4c09b8dac1d46cb6bf0e51921f0e2494

SHA256
aa14a392f1525f71a74dda190041f7466173d5e4d8f1632e4b24ff21c6fe9420

SHA512
8562ef0d37c694d513c3bc353eadf023d8af728acd43a6f2031be8bbbe25f0892b890c2a202a557fa77ebf845f33a1a56ce72511c4cc3a1a42cbdceba57616df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.2MB

MD5
19548c9810dce9986ca58fc05b7ca144

SHA1
2b8fdc3a4467cb7d48ed807868922d8aefdaf707

SHA256
d8dcc6fa322fd7ebc7a9b76c292509f91ce4cfad95cebfd45ca69be70970faf5

SHA512
fec3771bb91b7385b155a8ae630905e9c90986e246b275c0e16335c791926950214d5f51e417fa227e47f9e8296ce3fffbd9d6b365fdd0b5798ba24aacf99eb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.2MB

MD5
4574473a7ded6ee5f1e5cb64dfd47a8b

SHA1
bf580d2ce362cfdf87e34bcc7f4537b12dd8f337

SHA256
3de3e83187e4d5b27ac01284766f470e532f7b2b83033045df8d515a89ab3269

SHA512
f408f73b334cec6589fd786d05da53d674b675edd1e7da77f73c58599545d4abea1dc5861b6a10264d02b8273c6b6d9f8584345f052e69fe04ee49596207f18e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
3b86c01649fe1af1f9f4c2e1d2c0e31c

SHA1
5fe68df448fde6b5f75e0ed94112990919ae4a04

SHA256
70bf769115fffb41db172b637cec2f9bd6232cdd6f6202cb103b701fd2d3df23

SHA512
bd5e63064c372de0ccd2c4dfeac640081522e68fef21dcecb6000df86e9f455ebd3a9a70d038496d27e050c79085905c2e746db6630eae610acf9ae3823bbd27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
7ebc9725e0736cf36b9ef353583c3ef5

SHA1
6e4571274c1998320b284683283b234d90ad5377

SHA256
17214ab1ecc696e0c6fb15b59fda69588060fb8723522b036b426364f37a5f43

SHA512
59bad728f5502104108a31a98a2227f235699046930e89f04dab4f453da19912a52a2e80ae531abdcf7e49da6469d671049a23ffd9769cd1886f302cf10a4aaa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
8c7e1c098a60cca32aea10979cd56234

SHA1
f705a773609710d29e3bf3921253b55672778319

SHA256
73395a7a35d7a1b8898e7b840244dd1fef740cb4edaaccc82352c0a343007e79

SHA512
efb1f607286ce3be841754629524f85d7af54335e92cb23e7ad84f7aeb3f161c7ffbaf9d215a910d81366804b601035e8cbc7df3a88991062c5cfa6b43cb5339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.6MB

MD5
0cec568af49fb291c36a9f9389894971

SHA1
84654224c1fa1959585b0b7d68753b71b1bd9612

SHA256
db8e29e69c5b8f0ac2f98f6466d0d2e046474cc0128e71d5e58694ff84a949cc

SHA512
7e75fc7f7950436554b906bea03a6405e3008a5b5872414da6706ac6e847452680e230bca1810d9b33c64e01313bf72a699897465faeb2665d822d09292c4beb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.9MB

MD5
98f1cb0623ee6ad045a82ae03c25e44e

SHA1
2918b964c6f5e97e72f376f31f0c3173c19f78d8

SHA256
d5b19527ff740064a332ef9f95ad7476dd6a23bc5b024601f83f4390c1248234

SHA512
e8b9c07a9512288683f4032c1248fc0dfb3fc224c736428aea12145edfcefb1a41b5860fd3b251ebacdf933862ab86fd72cf2a8aeb8bad45589885ee31fb73d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.9MB

MD5
6c5ef2357a2544cd782491f04ffbec7a

SHA1
c221e6f04ff70b5224cf247bd2a6e444bc51d5b1

SHA256
b18cf73c0d24e033ea1b8d8874547cdef7f4b00dfb0d819531f464844cc79fa3

SHA512
75e3e72ae2bd65cbce3ea99d4748df9fdbe0456037b5080e150f8244574d7ef994c0ce6314f227b82a79088492c7c48ff0b82f345219ef4a08f5b3b4a703c780

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.9MB

MD5
4752d3997ad6bc5ca685b15088724f11

SHA1
aa801861e24f144b27fb3e5b0ac95fa5822bcab2

SHA256
c891792995824a7903645343661e9b3950debaf96231d0931e626f56fbe6026c

SHA512
a7791ba2d02eca0d411a47d6912f4156f21037669641d6067cf3837fdb35763b517a3051c7f896ab1830f3eddeeb3b6ea1e5faba68e913f5bb1e23ab908f2189

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
9.5MB

MD5
9a51bbaff2ff104f4d2448b377c86243

SHA1
902c019b75336ebc316def99c2a3c7ecc403bb05

SHA256
bacbe6ba84b22f8b8240d8d4cb9ca66d3036640526b5d970ef9dee97572a8937

SHA512
33a1334de1debafdc437724e0b9a43dcb6a8652b91f8b47ab609c4de9b541560f193bbeff5acd156e0d9a94a229bab6c6b15b07b1a683239bfca896c2524add3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
9.5MB

MD5
cdc512964753ecf553fc41d8b087304e

SHA1
5ea0b4794eff1204997ba3967f387c4cb727bb43

SHA256
7f02f44fc3501a3031978756693fc24b98dbba8bca832cb95dfd5a0f896fe070

SHA512
bbcd92f9ffd00862c9b88dd124d19ef124c19035b11be1888dfaa38efe86030cceb8cfb01f0120e748223ac41b74f9e91f040b952bc2a90973af4632e823c5f0

Download Submit
memory/5004-301-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-5-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-371-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-0-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-385-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-817-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-488-0x00000000FEBE0000-0x00000000FEFB1000-memory.dmp

Filesize
3.8MB

Download
memory/5004-972-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-621-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-384-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-2-0x0000000077082000-0x0000000077083000-memory.dmp

Filesize
4KB

Download
memory/5004-1-0x00000000FEBE0000-0x00000000FEFB1000-memory.dmp

Filesize
3.8MB

Download
memory/5004-1390-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-2062-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-2465-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-2913-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-3284-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-3358-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download
memory/5004-3366-0x00000000000E0000-0x0000000000BD3000-memory.dmp

Filesize
10.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads