Analysis Overview
SHA256
1ba45cd0782c5f07d93c0772a99ba3445a6e5e861c69573e390cd16f115f2e3f
Threat Level: Known bad
The file 4733e0e5b18060021efc68cde49d5000N.exe was found to be: Known bad.
Malicious Activity Summary
Floxif, Floodfix
Detects Floxif payload
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Loads dropped DLL
ACProtect 1.3x - 1.4x DLL software
Installs/modifies Browser Helper Object
Adds Run key to start application
Enumerates connected drives
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-28 03:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-28 03:50
Reported
2024-07-28 04:02
Platform
win7-20240704-en
Max time kernel
113s
Max time network
124s
Command Line
Signatures
Floxif, Floodfix
Detects Floxif payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4733e0e5b18060021efc68cde49d5000N.exe /onboot" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| File opened for modification | \??\c:\program files\mozilla firefox\maintenanceservice_installer.exe | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| File created | \??\c:\program files\mozilla firefox\maintenanceservice_installer.exe.tmp | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| File opened for modification | \??\c:\program files\mozilla firefox\uninstall\helper.exe | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| File created | \??\c:\program files\mozilla firefox\uninstall\helper.exe.tmp | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "4733e0e5b18060021efc68cde49d5000N.exe" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEExt.htm" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "4733e0e5b18060021efc68cde49d5000N.exe" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\Wow6432Node\CLSID | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4733e0e5b18060021efc68cde49d5000N.exe" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}\Therad = "1" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan.CIDMLinkTransmitter" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\Wow6432Node | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}\Model = "209" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe
"C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.0.1392999377\1376066332" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1200 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc94558c-f23a-444e-9310-8e7c3b2a6adc} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 1348 ebf0758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.1.650086198\508051027" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf1118bb-433f-4e1f-989d-0cdf25345710} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 1532 142d0d58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.2.1605412188\326761583" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 21811 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65f6ff9e-fc68-4e56-a315-ab492772ce4a} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 2084 1a1b0258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.3.377670289\2067662103" -childID 2 -isForBrowser -prefsHandle 2892 -prefMapHandle 2888 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c594b3f7-b2c9-44b0-8658-4307f7007331} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 2904 1d43e158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.4.89993384\1886806204" -childID 3 -isForBrowser -prefsHandle 3604 -prefMapHandle 3592 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bea458fa-e102-4af7-9b0f-8ffb46cafa7a} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3612 1d43e458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.5.553361415\1897592793" -childID 4 -isForBrowser -prefsHandle 3720 -prefMapHandle 3724 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abcae144-1dbe-4388-8d34-d3e62a1d7316} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3708 1e74a158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.6.1749487140\2079413403" -childID 5 -isForBrowser -prefsHandle 3780 -prefMapHandle 3784 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c8670c4-5070-4166-80f2-239460f640dd} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3768 1e74aa58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.7.1611394907\1217950870" -childID 6 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09acdb4a-5031-4016-9510-9e09582c7260} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3932 e5c158 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | www.aieov.com | udp |
| US | 45.33.2.79:80 | www.aieov.com | tcp |
| US | 45.33.2.79:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 169.61.27.133:443 | www.internetdownloadmanager.com | tcp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| GB | 13.224.132.3:443 | addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 45.33.2.79:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| N/A | 127.0.0.1:49229 | tcp | |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| N/A | 127.0.0.1:49237 | tcp | |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | test.internetdownloadmanager.com | udp |
| US | 45.33.2.79:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | secure.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror3.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror5.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | registeridm.com | udp |
| US | 45.33.2.79:80 | www.aieov.com | tcp |
| US | 45.33.2.79:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 172.217.20.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 172.217.20.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2---sn-aigzrnse.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-aigzrnse.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2.sn-aigzrnse.gvt1.com | udp |
Files
\Program Files\Common Files\System\symsrv.dll
| MD5 | 7574cf2c64f35161ab1292e2f532aabf |
| SHA1 | 14ba3fa927a06224dfe587014299e834def4644f |
| SHA256 | de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085 |
| SHA512 | 4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab |
memory/1292-3-0x0000000010000000-0x0000000010030000-memory.dmp
\Users\Admin\AppData\Local\Temp\A1D26E2\7159BD850C.tmp
| MD5 | 5f2a805d39fe300968d719d973e1904f |
| SHA1 | 219ff669b97fd22a9821a54916b2c8a7b8716e67 |
| SHA256 | d0c97d8f8fb30b1c041bc45925112f5d3c16e82c39a1f4c60174380e4e0fedad |
| SHA512 | 9b1735278c2d1371f1aaa7c12c9534ed12fcc558d07634e4e8a04ada91fb4192e7939aac2a0e383f0f1dae6e8d5e86f77a1166e53e9e55425ce0a2a866439bb2 |
memory/1292-13-0x0000000000CD0000-0x0000000001296000-memory.dmp
memory/1292-14-0x0000000010000000-0x0000000010030000-memory.dmp
\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp
| MD5 | 32538be1e84c39b3cd7bbde1db6080bc |
| SHA1 | a7d3bf1ab255c8f2e2cb297781b58f70eb183a4e |
| SHA256 | 636f839575997b1b64f06ea230a45c567ffa986c157d495a0b6748fce18067f4 |
| SHA512 | 0472264f2892660f59c3dcb2162856005b6d6303ebc9244986f724f0541551e3aec121b7712c1d2425adcd335cadc1f0f7af2a781631e515675bb0cdfb39de34 |
\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp
| MD5 | 6ee45792e600ecef9312694ee07cbe22 |
| SHA1 | b8313f855f1b1e8bef7afe42ebfe3f03c7a763c4 |
| SHA256 | 3d78bca92f0651aaec24738e965c0bf79298830c5481de230c924f903cfc7a1e |
| SHA512 | a574e05833505e965881ea4bcafa747162cb6d70c0ece7bd9999886b4063aa0aa0586be75ed3ccbea3140a3b0d312cce7b3dba7afa457228d4cfd30b027e0b1f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 0ce28de2cc4464a974d44d689b1abe1f |
| SHA1 | 557e4395b52fc78b312c4fa418431e526450e5c2 |
| SHA256 | 32f4e589330920555a5a1e2b5544c36b3d6287fe255706903ad10cbaf03e58f4 |
| SHA512 | 98e2bf81acc4e886c54675e1e47cda836b1c636ee0a721d8135bbbd7264437fe86bcbacfaca25359022bdb5124047fac92b3326f4033f8052261e964c7abb101 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 5bf76caf6d297a7d963e645cd2541e0d |
| SHA1 | ede2d8701adecbb91018ed26855dcea9a1511b64 |
| SHA256 | c01b61534f282dce55c40176c7e5cdfe5680c259a6b09bb005a4850e319fb39a |
| SHA512 | 7033e8e74521fb8379546faf5f5030f21278b63420d6d47bd9a7a15c8ac83b3b4e263a60e3e2bc633b4a7186c58527c6ebde4336949c18a4a6801127040134ca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\656f5965-8c5b-41ea-8c95-8c22c0d7005d
| MD5 | 335e91524e8ce72e7217ad9a792a4566 |
| SHA1 | 81fd34b97708754de6f8c895068d0ce4ddaf89c8 |
| SHA256 | 6009c71b89b25087757297d1f293d7f3895dfa348cab23f98ac6ffba9aaeeee6 |
| SHA512 | 2d7c26e9ad11069e129fa1477dbc540631569f10c7db70f9c1dda10fb9b499e9fe265979bf925ec97864b8bb5b0baa20394cb180301ab2f32823ca9522e29797 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\b0b97f02-d3ce-4097-870e-cdfa44adfcb2
| MD5 | 334b0f9885de7b0e8f7dd902aef7d6ad |
| SHA1 | 60a210dae446e57c2410828d5c64dfa6d66b7d68 |
| SHA256 | 4f3c0049fb7d021455f7c7325e21d2c2821cdb4a94bf04c862313d7546a30389 |
| SHA512 | 25784f418a2cb16470e94bba5ca195a8dff396c475a50fa26a42acd90263b73c5e72d13b1145e3909f27667708f1abb234b854286ae8b2cce559288aa8cd50d9 |
memory/1292-110-0x0000000010000000-0x0000000010030000-memory.dmp
memory/1292-109-0x0000000000CD0000-0x0000000001296000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs.js
| MD5 | 3aeb15f2a7e5755d29780f221579f8d9 |
| SHA1 | a86cbb3b76f745e1c8619a5be8af0ffaff2d7c55 |
| SHA256 | 5eaf0985335dbc821a2ab737dfa5948fe4a2cc386d2c3e1fbe30589474e68f09 |
| SHA512 | f95a1f4b00077a0657a3dbb80331626523cffb87678cfabfb7e5cf94d171c5e27ce9880625229ff663a31c73d48cbc73302843fc21104a6febc8885147005414 |
\??\PIPE\samr
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
| MD5 | 7d66915990aba4601a318ca7254eabc7 |
| SHA1 | f20269d510496a1c924756844a9735ee3246f064 |
| SHA256 | e40be38b0ef9fefe690deeea00eccd7ab28657ccb791b5739844ec08b39ef97b |
| SHA512 | 765c3c0f291eff6ee5c59317c8f3b9eb61a022a3d64ad96f65146717b53a64553e879d385d967a4c9ba5177ea43ce414b50542b3f69c4e88ce3fe36c5d14f06d |
memory/1292-194-0x0000000010000000-0x0000000010030000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8f3ef00451ba52f1121641552beafb88 |
| SHA1 | 6428f44a48d00f627dde4d6dbc78603ac656da85 |
| SHA256 | 311945376e3534ecc5f35fe72be9fcc4ec3faf079499d913c30c1b4ed79ea10e |
| SHA512 | 47297aa3f9cc20be76706ee11f4fce732ca7663d5d7e4ef76dbcf2dd5e34809bf42c159861268d3225f466d184fd1dd38bcf3505e0f63ba559e1faeb00eaa2b4 |
memory/1292-214-0x0000000010000000-0x0000000010030000-memory.dmp
memory/1292-213-0x0000000000CD0000-0x0000000001296000-memory.dmp
C:\Program Files\Common Files\System\symsrv.dll.000
| MD5 | 1130c911bf5db4b8f7cf9b6f4b457623 |
| SHA1 | 48e734c4bc1a8b5399bff4954e54b268bde9d54c |
| SHA256 | eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1 |
| SHA512 | 94e2511ef2c53494c2aff0960266491ffc0e54e75185427d1ccedae27c286992c754ca94cbb0c9ea36e3f04cd4eb7f032c551cf2d4b309f292906303f1a75fa0 |
memory/1292-224-0x0000000010000000-0x0000000010030000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
| MD5 | d6c198dd85236eaf7b8954deea96b9f9 |
| SHA1 | 8f5fd7b8677893b06807abc7daf081bd8160cd08 |
| SHA256 | 67d1a752d48b89f4094bf45589c2f3fa8f9b4738a4292f7f00c7180120338980 |
| SHA512 | 2ecaaa6ade6b500435bf16939ac623d60d95d9d551d6c8fb0d02358450cb816961353116c1e4b4da1182bc2a14b73f05c49631508a05d039ba9eec4e14bfcc4a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c5d41ddc57bb2e7a6e04e79881852d39 |
| SHA1 | fb016db4240b67fdd2b15c8d961c7f5fd716b9dd |
| SHA256 | a6e6f1bf7d35f8d74085069f66a728ed539a6dc5ad378becd1d31a1c56a72ea9 |
| SHA512 | bab28430bb53e291d2a3ca96d766d14fd8b337e01771ac8277dd937eb652be9dcf3d732502d20afc5018ec7a9587e97a065cca1bef69dfd266989d6b86c3ede6 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
| MD5 | 2ae675cfb705d958c41e16c69817b10a |
| SHA1 | a39983cb05e9796cc31658a7e984122ed794038c |
| SHA256 | 2b0262ed7ec1c1c751169f67f3eb150cb2cb63768f5a915e3dac502e04a3d670 |
| SHA512 | 8d108f821e854c59965b46166b03a10d2f3513c53b1dadf4f1103914713a3ca9ac213976479193ba4fedaea0b5f16ab4e215df7d0d1cd8a972ce8b09b4772f37 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
memory/1292-310-0x0000000010000000-0x0000000010030000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-28 03:50
Reported
2024-07-28 04:02
Platform
win10v2004-20240709-en
Max time kernel
117s
Max time network
123s
Command Line
Signatures
Floxif, Floodfix
Detects Floxif payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4733e0e5b18060021efc68cde49d5000N.exe /onboot" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "4733e0e5b18060021efc68cde49d5000N.exe" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "4733e0e5b18060021efc68cde49d5000N.exe" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEExt.htm" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4733e0e5b18060021efc68cde49d5000N.exe" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\WOW6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\WOW6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}\Model = "209" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan.CIDMLinkTransmitter" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\WOW6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}\Therad = "1" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe
"C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da30288d-7e38-4364-ba8d-0238ee464b0c} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1886c388-3f39-47b5-b43a-e2f093701095} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3124 -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 3020 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0287b9b2-8594-4b8c-b537-82fde62a2ef0} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4112 -childID 2 -isForBrowser -prefsHandle 4092 -prefMapHandle 4084 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b04aef7-f2e2-4756-aacf-a5a4f06167ca} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4556 -prefMapHandle 4564 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d85f190-2c3f-4777-a7fa-c882283f61cf} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 3 -isForBrowser -prefsHandle 5224 -prefMapHandle 5240 -prefsLen 29197 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3f91804-debb-468e-8e43-a01888452464} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3144 -childID 4 -isForBrowser -prefsHandle 3400 -prefMapHandle 4284 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4badddf6-59f2-4b39-8c3a-6f05b02c454f} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 5 -isForBrowser -prefsHandle 5500 -prefMapHandle 5504 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {841d043e-e56d-438b-8c5f-99f21516e8a0} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5700 -childID 6 -isForBrowser -prefsHandle 5668 -prefMapHandle 5596 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab2b1d93-0f4d-4ac3-bf4d-9f8fa5188f97} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.aieov.com | udp |
| US | 45.33.30.197:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | 197.30.33.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 45.33.30.197:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 45.33.30.197:80 | www.aieov.com | tcp |
| N/A | 127.0.0.1:62834 | tcp | |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 169.61.27.133:443 | www.internetdownloadmanager.com | tcp |
| US | 169.61.27.133:443 | www.internetdownloadmanager.com | tcp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 133.27.61.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| GB | 13.224.132.43:443 | addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | 197.205.238.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.132.224.13.in-addr.arpa | udp |
| US | 45.33.30.197:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | 168.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:62841 | tcp | |
| US | 45.33.30.197:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | test.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | secure.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror3.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror5.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | registeridm.com | udp |
| US | 45.33.30.197:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| FR | 172.217.20.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| FR | 172.217.20.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigzrnsr.gvt1.com | udp |
| GB | 74.125.175.38:443 | r1---sn-aigzrnsr.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigzrnsr.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigzrnsr.gvt1.com | udp |
| GB | 74.125.175.38:443 | r1.sn-aigzrnsr.gvt1.com | udp |
| US | 8.8.8.8:53 | 38.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| FR | 172.217.20.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Program Files\Common Files\System\symsrv.dll
| MD5 | 7574cf2c64f35161ab1292e2f532aabf |
| SHA1 | 14ba3fa927a06224dfe587014299e834def4644f |
| SHA256 | de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085 |
| SHA512 | 4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab |
memory/4236-3-0x0000000010000000-0x0000000010030000-memory.dmp
memory/4236-13-0x0000000010000000-0x0000000010030000-memory.dmp
memory/4236-12-0x0000000000440000-0x0000000000A06000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\pending_pings\fb86c675-f2d1-4f8b-88cd-c6f8b2e8d2be
| MD5 | 5eba03a1fae42acc2dba87e16c13ce1d |
| SHA1 | 99a420eb19ce7b0bfe18e84498d3843e10a3133a |
| SHA256 | 7a4f0a560bcd089fa0218f77c9590b4f5bc74883c400c17ba2fe18a2a33f7153 |
| SHA512 | adf8c3feada2b99f673e52cfe4fd99b81fb0efb3945da4387911bc16468cafeebc2854c1ea1fa14cfaf806c70d10c34cb02902c546638ceac60918bb2feba246 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\pending_pings\a5e3c196-e58a-4d43-83c7-6c052dc3acc1
| MD5 | 97abe222aab4bbcb67defe9053629c32 |
| SHA1 | be7ed175d78ade4fe190615986d82b355294b77f |
| SHA256 | 67c7c13278641f35d34e5c702288afdc5e24169739a99960cc4adbc619ee1f1a |
| SHA512 | 9f973a97321d209de372253f98fdec1add6b00177e48b240e2f13f74423b11e58ab268d613294b9f91974bafabf977974c077706e93af1a899e61c334b5b71c8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\pending_pings\08fef3b7-6c19-49b0-8c75-d58b457ad54e
| MD5 | eef575d44ea406807775323e36f0f612 |
| SHA1 | dd1d267a2f940a01d0d0b658306722e10cb26a87 |
| SHA256 | d659b707b3c95287e080fb2d1691ee07e6d775435741cdc13fb5c5b5c512b7cf |
| SHA512 | 6f881b78f3079e68f02cb5f081c83783a6d980d17161ef464feebdfd5929aaee8689d7844ffde7eaef0fff8edd699dfcb3b5157bfaa98a74be0b2ce56a0ddcd5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ehv06adt.default-release\activity-stream.discovery_stream.json
| MD5 | ddb5369dd8bc89eaf94b0df664cc8959 |
| SHA1 | 8d8f4e12f71d6754cdf912fc9e6723b14cac64d3 |
| SHA256 | d4d8b6abebaf60f7b76ae158264a2a64a9d08a23143d72dd3204bd1faab298b6 |
| SHA512 | 0b889953023e4885a89fb1c76890242cc7aa0952eef91c3f6fb3286d03b28fdd29f503b0a2edd71b0f7a5588556e97706c488535f6a22fc8d3890577d9dde337 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | afae00f72496f0508b46bbac05c8ae82 |
| SHA1 | c2ce5267a8383ae90b4af50585099bd1f8c8866d |
| SHA256 | d5755a1f4951ed76259e91f8e2a29dceb2bfa38c89173180dec00665ab4fe669 |
| SHA512 | d9cfef2d5e12ac35dada1f26aba8f8cf713d9f8d2341381bb1ff086d406312ecbf89e8d96a176de659d4889708dac967143c6d1d721c584329cd91d0cef29905 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\prefs.js
| MD5 | f7f48f03503fc5a64c5ff6b5ff2247e4 |
| SHA1 | 70f86909a7a37027f7116815cbf744f8b85598cb |
| SHA256 | ea691b5eded88e8d5175058f26b4ed2b550fc5cf8595ef535e733c61c46be89c |
| SHA512 | 27c41e7f31a1c57bc383aba082031b298f0005a04ada8abf929712973160c30d316276cf6d24b1a5e6487629ed4850e61a9329932e3bbf853566610711259cfb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\AlternateServices.bin
| MD5 | 6aaaa6b6532378769784878a80e06486 |
| SHA1 | 326f6d64531e634882b15a7fdce793e5fdd5b1dd |
| SHA256 | 8e5d1d7215cc2f3fef7b975a38a321fcf45b56d8053fb757f1e019d78e7fd532 |
| SHA512 | 85591980f304ae1d3dda9ed79f606b76dc89d790c8832ea2fd7495aa0a218f4adffb4b55fd6033a2824a5b5bc26bc55c520f6e01377a70eaf3b0fa31cdf58c4a |
memory/4236-384-0x0000000010000000-0x0000000010030000-memory.dmp
memory/4236-383-0x0000000000440000-0x0000000000A06000-memory.dmp
C:\Program Files\Common Files\System\symsrv.dll.000
| MD5 | 1130c911bf5db4b8f7cf9b6f4b457623 |
| SHA1 | 48e734c4bc1a8b5399bff4954e54b268bde9d54c |
| SHA256 | eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1 |
| SHA512 | 94e2511ef2c53494c2aff0960266491ffc0e54e75185427d1ccedae27c286992c754ca94cbb0c9ea36e3f04cd4eb7f032c551cf2d4b309f292906303f1a75fa0 |
memory/4236-397-0x0000000010000000-0x0000000010030000-memory.dmp
memory/4236-404-0x0000000000440000-0x0000000000A06000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 28189666b16796cc92588a0f68422a4c |
| SHA1 | 94a4e53790c31e6c1aa7687dd60e6b7bcfbca9f4 |
| SHA256 | 8901d83704b7c5dfdadf40c820a36d495279c872c7df0da0128b3368321466b9 |
| SHA512 | dd29f2fdeff7652e0924e0a78c858f77540c5c9ca76ad5c9a460dcafcb4526feb6d5e4044d17634139281c7e05b9d928fb9261bb2478e17319d49beaad845ec7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 5a5d4af49e26c9100cef2d44d515068e |
| SHA1 | 3c5575047b31351ca7e89fb423f790554b4f58cd |
| SHA256 | 4ec3eea6c104b5e45408b33ee498a8b1dec28c2c5a3e083a85ff3463dc271ecc |
| SHA512 | f3a40f495caa8fefe73abe44581c0518f73015e1228329a6d3ccad73d0f67b54c17b5c6ca9265ae66fada819844229ff1a21f4c2068fb22ea897ae19a520d637 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\prefs.js
| MD5 | 234339d6014eede8840a3c25d735be3b |
| SHA1 | b3397d2d4657abb4432b88beb047b4707a636bb0 |
| SHA256 | 1fa5696750d579ed4028aa699fd1fb45b264384524f110f4c0e588cf448ce079 |
| SHA512 | 202ef68269d7035e78d3dfa083e585f09d9f0d0cee6366c77ce811e1aa61015eb90144c53977adcb89e405a1f6505746833af67124735a66b30eb442817ffca9 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ef9d98518fd185de5f7fedaa79540166 |
| SHA1 | dd07ff61533cde872097fc7de8ab98df283c639e |
| SHA256 | 53aa0e55225a557ef1283eb7d1e016e35eea7c0c261e487e89b3e19e163ce7a4 |
| SHA512 | da968e17d7fc9ff8845cd40bdc8ce416128865a1541561d218c795c73ec56fff68a2f5436e7ca31ff95b7b6c1ce31928c3ccc2cbe7b6d04d00a5dc6aae89e68f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
| MD5 | 6c23041fe4b1ddbd06ab18b8bb9a691d |
| SHA1 | b0385b7a54b37b93758399b761e308117b9471a5 |
| SHA256 | 21fdf51f99a3913cd5e3fa6f8c83a20d89e89bb254fd6ebb10c2e9c69358b99b |
| SHA512 | cc7c7e78a27dd2717ec920fc4c5606d5ea7cdc880a0dc3d158aa70b48419f8e08dde4e7f0cc47e423bbd1797f034847b116697e8afe81fd40c5a0e32a01df256 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ca93e755d8b4f993bf9886f1dd5c961b |
| SHA1 | 42dc93562a4710854c780cb428100b4d552ae3e8 |
| SHA256 | 2e425b50cffb4b8ede90b1cb5767fd2c51d75a9221029fea77177485324b499a |
| SHA512 | d6ed8853842e94b4ea411d831e5ebacefb5428d3342f3cccc2bec5e805a9a45850f1575251d081e0e8873d0be99bef3b257908b5ba5608ae55d50ac685020c4b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ehv06adt.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D
| MD5 | 030b70d5ed3e2039f44d9274782ca0b9 |
| SHA1 | 04f77a5c82182c9a21bb7af3a1e8203482c06928 |
| SHA256 | 9a2f5333fcae5140ccedc3f599a895b30b804e91afc74e32fcfa2f81f131fc23 |
| SHA512 | 1f6a08ff4aa3262d6f1ef98ec01154152437ec73cb84758443db0899668604816e32399cc9fde85d89e9c0b422089b676852c23d9411dacbf9071eafaf58879c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\AlternateServices.bin
| MD5 | 29f8a1772a860bd7f7ccbb289a4770a5 |
| SHA1 | 6713166224f091a662abe3ec55215b9a4c0b3a81 |
| SHA256 | 3d6a74101b347e2bdc95e8c6c4e5301f1f581a4cf4921cd69e0bbdd32e42410b |
| SHA512 | c56d238de26d8b3a5047a2babcf19bb7b8cccfd1cd3997d1c48c0d14d4571181c9fbd9ce04431d8b33d90805cafd358e67d05e8fbfbf740c2a4bce0827d4a2ff |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\prefs.js
| MD5 | 7a1bdea9cd219fd163fefbd33e05eebc |
| SHA1 | 9dd024e847568ebcd1a98cb28d74e5824825c3ca |
| SHA256 | 334d0ae6d89559ef4d771d97ceb5eea745410c92e2d502c1e7605c388cf64ab2 |
| SHA512 | a15ee8fe91bd50637f801becf5c8b6086c362af413ea991ba2e9b70e2f3051894bc3e62010f9762bc902145a466017a2289f4ca091e101007958cb1e970d8a55 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 0257d87435dcee8e8f6e8b76532526f9 |
| SHA1 | cdaefe19d15006e1140e9d85142bb48e802da1f6 |
| SHA256 | d391e6fe75976eed321368720b304d407943794d322073e626a26f8d41555bf5 |
| SHA512 | a679dcee08aecab2221339eb5d272f6fa50de1a895401b2aa8860bacc5f427f21eae8b6549c1ccf609b0c0ae0067c475e5fa854f41f1337c0a4ff1940dddc03a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 8035d85321a1cce0842fd7c3265d0575 |
| SHA1 | b8792afa0c0ffc803cbddf876ac175cdb0037982 |
| SHA256 | 6a58b5015b32f9dddbb1e2285b0aa7efd210dea64e53a3677b86b6aff1e5d8ad |
| SHA512 | 12969797da841843e903d047cf050064d5b0feae7cdd4aac0a7c2e3e021a7fa41ba095d372103e1585a1fdaa71fe3dbe79da3db9f6bf2215568f98435bfd3de2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 695c66002fd2be1055117b8308df13e7 |
| SHA1 | c67b12c1c252f99805f6210c7a6aee634e902219 |
| SHA256 | 13138543eb3ba93d726efbb61064c34467ff54b25d12174c0b5fe57d7a34fd29 |
| SHA512 | 699c7f462e42ece728976f607cc9bad86c8beabb5128a500c7bfd7e844ec32f0f760c8970791426027d6f197a45ed98dd96477ae5090c224ac312e967659fd8d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp
| MD5 | 36e5ee071a6f2f03c5d3889de80b0f0d |
| SHA1 | cf6e8ddb87660ef1ef84ae36f97548a2351ac604 |
| SHA256 | 6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683 |
| SHA512 | 99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e |
memory/4236-2672-0x0000000010000000-0x0000000010030000-memory.dmp