crimsonrat | hxxps://www[.]bing[.]com/ck/a?!&&p=1cb736670ed51278JmltdHM9MTcyMjM4NDAwMCZpZ3VpZD0zNDk3MWI2Yi1hZjZhLTY4ODctMjNiNi0wODdjYWVkMjY5ZjImaW5zaWQ9NTIwNA&ptn=3&ver=2&hsh=3&fclid=34971b6b-af6a-6887-23b6-087caed269f2&psq=squidward+virus+github&u=a1aHR0cHM6Ly9naXRodWIuY29tL0RhMmRhbHVzL1RoZS1NQUxXQVJFLVJlcG8&ntb=1

Analysis

max time kernel
1800s
max time network
1799s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
31-07-2024 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/ck/a?!&&p=1cb736670ed51278JmltdHM9MTcyMjM4NDAwMCZpZ3VpZD0zNDk3MWI2Yi1hZjZhLTY4ODctMjNiNi0wODdjYWVkMjY5ZjImaW5zaWQ9NTIwNA&ptn=3&ver=2&hsh=3&fclid=34971b6b-af6a-6887-23b6-087caed269f2&psq=squidward+virus+github&u=a1aHR0cHM6Ly9naXRodWIuY29tL0RhMmRhbHVzL1RoZS1NQUxXQVJFLVJlcG8&ntb=1

Score

10^/10

crimsonrat defense_evasion discovery persistence rat

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Signatures

CrimsonRAT main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000700000001acfc-387.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
2692	CrimsonRAT.exe
2588	dlrarhsiva.exe
4660	CrimsonRAT(1).exe
4116	dlrarhsiva.exe
1812	Bezilom.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\StartUp = "C:\\Windows\\Maria.doc .exe"	Bezilom.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
71	raw.githubusercontent.com
73	raw.githubusercontent.com
68	raw.githubusercontent.com
69	raw.githubusercontent.com
70	raw.githubusercontent.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Maria.doc .exe	Bezilom.exe
File opened for modification	C:\Windows\Maria.doc .exe	Bezilom.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\CrimsonRAT(1).exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Bezilom.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\CrimsonRAT.exe:Zone.Identifier	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bezilom.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\CrimsonRAT(1).exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Bezilom.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\CrimsonRAT.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeDebugPrivilege	4944	firefox.exe
Token: SeDebugPrivilege	4944	firefox.exe
Token: SeDebugPrivilege	2692	CrimsonRAT.exe
Token: SeDebugPrivilege	2692	CrimsonRAT.exe
Token: SeDebugPrivilege	2692	CrimsonRAT.exe
Token: SeDebugPrivilege	2692	CrimsonRAT.exe
Token: SeDebugPrivilege	2692	CrimsonRAT.exe
Token: SeDebugPrivilege	2692	CrimsonRAT.exe
Token: SeDebugPrivilege	2692	CrimsonRAT.exe
Token: SeDebugPrivilege	2692	CrimsonRAT.exe
Token: SeDebugPrivilege	4944	firefox.exe
Token: SeDebugPrivilege	4944	firefox.exe
Token: SeDebugPrivilege	4944	firefox.exe
Token: SeDebugPrivilege	4944	firefox.exe
Token: SeDebugPrivilege	4944	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
1812	Bezilom.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 4944	3796	firefox.exe	74
PID 3796 wrote to memory of 4944	3796	firefox.exe	74
PID 3796 wrote to memory of 4944	3796	firefox.exe	74
PID 3796 wrote to memory of 4944	3796	firefox.exe	74
PID 3796 wrote to memory of 4944	3796	firefox.exe	74
PID 3796 wrote to memory of 4944	3796	firefox.exe	74
PID 3796 wrote to memory of 4944	3796	firefox.exe	74
PID 3796 wrote to memory of 4944	3796	firefox.exe	74
PID 3796 wrote to memory of 4944	3796	firefox.exe	74
PID 3796 wrote to memory of 4944	3796	firefox.exe	74
PID 3796 wrote to memory of 4944	3796	firefox.exe	74
PID 4944 wrote to memory of 1672	4944	firefox.exe	75
PID 4944 wrote to memory of 1672	4944	firefox.exe	75
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 2432	4944	firefox.exe	76
PID 4944 wrote to memory of 4240	4944	firefox.exe	77
PID 4944 wrote to memory of 4240	4944	firefox.exe	77
PID 4944 wrote to memory of 4240	4944	firefox.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.bing.com/ck/a?!&&p=1cb736670ed51278JmltdHM9MTcyMjM4NDAwMCZpZ3VpZD0zNDk3MWI2Yi1hZjZhLTY4ODctMjNiNi0wODdjYWVkMjY5ZjImaW5zaWQ9NTIwNA&ptn=3&ver=2&hsh=3&fclid=34971b6b-af6a-6887-23b6-087caed269f2&psq=squidward+virus+github&u=a1aHR0cHM6Ly9naXRodWIuY29tL0RhMmRhbHVzL1RoZS1NQUxXQVJFLVJlcG8&ntb=1"
1⤵
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.bing.com/ck/a?!&&p=1cb736670ed51278JmltdHM9MTcyMjM4NDAwMCZpZ3VpZD0zNDk3MWI2Yi1hZjZhLTY4ODctMjNiNi0wODdjYWVkMjY5ZjImaW5zaWQ9NTIwNA&ptn=3&ver=2&hsh=3&fclid=34971b6b-af6a-6887-23b6-087caed269f2&psq=squidward+virus+github&u=a1aHR0cHM6Ly9naXRodWIuY29tL0RhMmRhbHVzL1RoZS1NQUxXQVJFLVJlcG8&ntb=1
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4944.0.1003961673\1914219455" -parentBuildID 20221007134813 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b9f4e53-c09f-4ff6-b7ec-6278e9991f60} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" 1832 1e9a26d8958 gpu
    3⤵
    PID:1672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4944.1.1228659304\1000050578" -parentBuildID 20221007134813 -prefsHandle 2192 -prefMapHandle 2188 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dd449de-8245-4c72-b501-b4d5b6cd3710} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" 2204 1e9903e5858 socket
    3⤵
    PID:2432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4944.2.1470060636\26129466" -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 2764 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d316760d-5884-4196-8741-951994f5ef2f} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" 2756 1e9a69d7558 tab
    3⤵
    PID:4240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4944.3.983418568\628609296" -childID 2 -isForBrowser -prefsHandle 3584 -prefMapHandle 3580 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {998a13ca-9b64-4081-9730-d3e26363bd71} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" 3596 1e9a78d0d58 tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4944.4.820668938\115074979" -childID 3 -isForBrowser -prefsHandle 4688 -prefMapHandle 4676 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f664787c-515e-4dc7-8595-d854f89ea364} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" 4692 1e9a8446258 tab
    3⤵
    PID:5064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4944.5.1131937201\1604402638" -childID 4 -isForBrowser -prefsHandle 5064 -prefMapHandle 4992 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00f2ce06-dc54-4a51-ba56-bace487ce649} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" 4856 1e9aa034858 tab
    3⤵
    PID:1060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4944.6.1468570302\52575842" -childID 5 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0858124b-790f-4265-8ffd-ede74eac6e6e} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" 5180 1e9aa0eb058 tab
    3⤵
    PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4944.7.300487045\1665604523" -childID 6 -isForBrowser -prefsHandle 5380 -prefMapHandle 5384 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c795cd47-bed0-4fe2-badd-e11f9ed0433e} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" 5372 1e9aa0eb358 tab
    3⤵
    PID:4768
- - C:\Users\Admin\Downloads\CrimsonRAT.exe
    "C:\Users\Admin\Downloads\CrimsonRAT.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2692
  - - C:\ProgramData\Hdlharas\dlrarhsiva.exe
      "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
      4⤵
      Executes dropped EXE
      PID:2588
- - C:\Users\Admin\Downloads\CrimsonRAT(1).exe
    "C:\Users\Admin\Downloads\CrimsonRAT(1).exe"
    3⤵
    - Executes dropped EXE
    PID:4660
  - - C:\ProgramData\Hdlharas\dlrarhsiva.exe
      "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
      4⤵
      Executes dropped EXE
      PID:4116
- - C:\Users\Admin\Downloads\Bezilom.exe
    "C:\Users\Admin\Downloads\Bezilom.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4944.8.1579431448\1231070420" -childID 7 -isForBrowser -prefsHandle 5852 -prefMapHandle 5856 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9537b8ab-715b-40c5-8697-17cbc7d7998f} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" 5864 1e990370858 tab
    3⤵
    PID:2372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4944.9.710997691\1455802181" -childID 8 -isForBrowser -prefsHandle 1604 -prefMapHandle 1540 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9f92766-a5ae-4bde-b5fd-4b99ba5d85c4} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" 6048 1e9a8446558 tab
    3⤵
    PID:660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\15590

Filesize
14KB

MD5
55eb2169da57e9cb900507e2f7ad6972

SHA1
fe83afbab85885075b15e5f48b5f33f3672a1367

SHA256
1c2c51016327c0b59a94685885fcec56bbe47aa0e64b7b096ae51465d97d43be

SHA512
0d18311ba51553c78cb53285d02ef09d7be9d4682177b0cdfbe6ef95b7164473a93ec2f9cfd85a528abce617ce850c9b209e736c1ffe1d8ec7271ff7da5fe823

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A2BD72A3227572715C6CBC7E489B8F9A87263541

Filesize
14KB

MD5
c63a35689b4b23e800e17da0d802e913

SHA1
c84626cdb1f6352e5263eee37c02b9358edc1b2c

SHA256
701ad152ac99c53d5f135b581e2439d7e43b541317ec73b196c73b2d8c8ad4f7

SHA512
ff729321e638a90b37dbc357e96bd41ceff3c2341da7698119aedefadf2aee26d2a810c104a02d10ad67b1e4c5244fad22b483726b933f30d2fc1573ea468921

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

Filesize
14KB

MD5
89b782a27a7af93d2624164d83f90b10

SHA1
70917d52abdaf7dca35b9781e8ed21c6b7f3021f

SHA256
d681ddf5412e10feceb169f883bd0bd2c8b242014e0aa95eeaf83f2165e2261c

SHA512
1de014ec8cea17148cc483d1491269a9141912f32aa70f688d797eaceb651984fa5b75f5090bb244301c05d52fb589460bb67e7cb93e45e2369a832178e4d2d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\B47C2290387CA81094036091C984E8DF3E89AE1C

Filesize
14KB

MD5
4839907dd285398a58590fd25514b77d

SHA1
2889a442483902870f0d07ebaf5925ce7d58549c

SHA256
698e203e7a5699bc60a4aeffa122514fc85a65cd4da472d2103a796a8cfacb56

SHA512
72d653be955c3319d07352825b08a76b5850ca067477868d65f26a6a0c44b45317c9bcd4d0a5f25c9b961b41f481b9b8a051bc7dfa34fd2c722abb16654df431

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\ld4iLYaXnWeFrTB5IZHFRQ==.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
46262311f63678e9df4bbd2b04c9a5a9

SHA1
0b2d9c853ab78a2c77fa894771750d576fe4540f

SHA256
afe556ba02b058b885d1e53ff2bf26564f7b8975fb215189d71dd6c3358dba80

SHA512
bb4f2e04ecbbc9881047c79ea44a7c0804f68a1c969a96244a65afb34f32abe233b43a88149106329c15a5dc961135f558d6ce7c8597f40ce6ee11935a256717

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-07-31_11_JYHA1IDH37kjW2ud4k03lA==.jsonlz4

Filesize
948B

MD5
7c618c5385632ed123b3929e89a9104a

SHA1
877eef304b5bca587c7f990c0b187b1fbe666e04

SHA256
0c052f029079668e4dc8f63800c6b2fd173fd97de4739e5a66d017df726f519c

SHA512
78e0c287f8367a1fb67e816d2ca7a675cf880d1a245ebc1f4633c52a54bd7fb8ba4564d7c07ceddd9f56c9efbaadb2da1ccc928f679645b3d91dcdac7c87d64e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
52bd1b48c2a6b9d4ec86eeebcd976a07

SHA1
13653db480a424ff01335dfda9a47e9afd54b30c

SHA256
ec364b6707572d80fcc31dcafa7a8e39f26de9492f485eb25fbe7180ab1dd193

SHA512
a14fa85371d81edad429247cef6eb53dfc5eba01abe96a7aaaaa74b12110ae0de0dd8cdd19910b9d45434a8f7d7a5e4edbbf28cf8b1fb19d9855b48e3afeee98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7eeb6df8-f052-4b49-b92e-72e409fbb807

Filesize
10KB

MD5
e1f884c956ce30c09b00c7a7e1abac6a

SHA1
b9daa39762faa0502f234265471a2d89af0028bb

SHA256
3c747f193722117239ca77757cc1a0ba364d8fdee5be5b8c2b2863b2149259ec

SHA512
b9f407abbbe9a4dca3748307e39b5f00a3b409eb604d3b3982d4900a8a602727386bc7dac05739a40b2ea52925cc0c872f6fa9cfd8732c60fd6fd5c3e1f915a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\911b373e-7701-4370-9fbe-42e72fd1dc46

Filesize
746B

MD5
9533c2977539f23e4d540e540717c031

SHA1
351235db381bae6794c9f2e03c5733ffca3799ea

SHA256
0c209693b725fe3e6bfa0e2fa671f5ad8d1d97eebf8b993a7d116535b351ebeb

SHA512
85c549da1853910cf85d3ef6a813ff31ea9c67481982c63b968cd57cf670c5c27998fccad93e329dfe7f88895c86aa70634098b929f866ce1b069c92893659a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
6942305d230ba0a6cc2252d993434a84

SHA1
726785402282cf8b98af56379730c16456e3df23

SHA256
c572dd463fc158bc98ba11639ec69a4ef954c39ac477405c75ab4c35b5bc29da

SHA512
1611c4821965ea526d7f054a26b561bbc3e22685f6dba6653ef93b959a7d4f2d96d61d940e167729291ed2a9860adfea40c89088e3c4abfcb2a9c7f3f9722616

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
2818a9f8eae30212428bf04364aa4b8b

SHA1
b0f3385851e83f24b94285948efa01ae25e7f961

SHA256
d3d7ad090c5fc9941214b51365c9715aabe80d0072389a4e3948ee5d2da6c6d7

SHA512
275ac118e5f2d1fd093a73ce5f1c8e4890e371055d5bf6aa69e3cb1232229102847a222c2021fb56842402ab7f29f4019dbd42aeba79f1aa2ee00629f3baa55c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
20c10153613e480056256268bd1aa613

SHA1
76f7196e8ee263f8c58e9f3572cfba6e4c9e64c2

SHA256
229a3a71f358da85dc4489646a5fb8688a80c98b54c7cb536b7057cad72b0483

SHA512
471d1cc8faa5b137b6dee5c02216b12585b140ee55292ef6afb8417cdf4de841de5ed31e403563a3793bff61c6a50ee0d56ad39a9880f1fe652966024fff5552

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
9c35f8cbbf981ec7c7b59b806ee3cdb1

SHA1
9a4456301c98929610e9b911dec7c3d9cb0d4cec

SHA256
dcee3065fcce94e9aff86566213e03a4cb8dfe7eb626d04c29a93e9a75126000

SHA512
39884b2b907fc7c331bfa10be7a5a5ca637d9643d636a66bef2ac335d670241acb19ece572740f4ed88b005a950fd8e85b5ab5d60b83f2a73b71ac2b62570138

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
84e7a96b88a5efc99731c3145c53c843

SHA1
e3fb9766e576074859828dcb7242627e5ce4f3ba

SHA256
1cb6754a96d1fec07602283a0bdfea651fc75db11ab8f2535871eae3bcccf0e4

SHA512
7c1d786e3b2f580576a73c24e3f22a48b49e1a14587f6c61f80ab0baf7eba277216f2c1d1d5487f831a0b9b8fdad9c078f9e19c0800af567ddea6b51aa14a1c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
abeef50d8cce88c0133203af8240180e

SHA1
f7399f870f8105b3e93e1fa066714c017c38134d

SHA256
33ad5ae362f3082344f410ef6561c995e6847dfac3d80ec15101ae73de5ddc2d

SHA512
9588dc579d68cbc12e8603ebc022a9fced6a2c6044a5bfdd56f3fc83f2d0167190692877be36f00613a38fa365c07dc24172bc1d1b05260406bf7e5d18bd937b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
5f956245c4e7b1d1e9ee4d0b5c41f0a2

SHA1
9e101d1812006c0b831557ec0810bd4a89e6943b

SHA256
7e390cc341f891634785b6937c1957924303154d78f3e6a8fed9b10cde78cf00

SHA512
cb8d39568852b6945b35385dba35fa94de740bc4984a56c9c48d9334b0405fd4cba2ed23e328129551e794534801cd84fca90f2429ec14928d8b132ebfa0a5f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
c488eb7b6bfe21cbbbba8524eb2c02c3

SHA1
dac3cfc3327f18aa1c6d13f7818e75019bcdc699

SHA256
b2ff57f2d6c52db7e23f8150488baacbc37d802b18635061cb4ac755ef167416

SHA512
ee5c0e761e504697921dee7db9bd0361f20a8fd712c6ce760336b0f4b4ddfd15e6506ad990e6bc50bf55716026e8d2a44487b2d3c5337020d422f9fe59b193d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f37c37087ec96eaa6ab48084471fa32c

SHA1
3dc26175ea7035dfe2453dcc53ec1d33a2aaffb5

SHA256
69223ef05fa7d86dacaa9501e8b1ad47fe66d783d9c364ade621cb9c3803f5a3

SHA512
163c391b03f5a95a701ec29e06c114f82272c03205515bfb54e0f6957181148e62dfb2c6e8f59e5f1f2ebfc664157b52af0b05104e9eb50f544f506e936a7d55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
11b99598dc212525a68eb6b8f4fba547

SHA1
44980baaa2956747b53e9f26d8cc9a5f4c8a3113

SHA256
5e5496d4301155a583f140ebff37a3a4c5ab812e7362dfd4ae53f8df94915786

SHA512
95012313ba72ab1cfc2424ac60625b3041ec1d20bd03ecd34b62e1448c92d5eacd7bf64e6fb3082df7c71b019fe0b6f2ca395b54db180f65bfc7614c011dc685

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
f1a667060fa42112b2fe0a85a20c1d83

SHA1
95feb7c2db28ab1e138264631cdc3d7a9c286f9b

SHA256
2ef01f958c45c8af26b156427b9f02ecc018766b750fddfc6b35b152e8b3445b

SHA512
7d275d3c87e549b16e8dbd686259e76f279c0a63fea9b3d439b7795b3fcdd689726697a28c41b0dea200276a9127f954767ca1e8bea0a3b2daa714cb9acc423e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
f2c1a1be43f92a0c12af945f037a6ea2

SHA1
2166ca1e2e63276498ce3be76667e3e0ab133c1e

SHA256
f12e6a490e5cc9e2fc724f36413a840924e3ba79c1d36ba21c0b818f8cb8183a

SHA512
2d614ce4414da9ce5cf2f6fff59a5b4f8bc4473a04b612ef27099e857f143849c6489f7ce7d8499f9aa8abe5b902eff274025bb0d1d199a9bdb96b8c56a20836

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
698ebe904ad12016bdb0310658a5f2ab

SHA1
d1f476c0f2e01f781e9ba8bea951968bdb5bee3a

SHA256
02cb06c54978f22a1b3605a356015d50d10ad311a998b0876c810f8c6a527731

SHA512
578db5fff7fbc69d2b230aecfcb2ddf4e1125c7b9d34446cdfba00708fa1dd34cc990c13e4cbd7ec854f5492bb06263ec5e6d0a9f5fa0b55ab6cfe12bbafe1ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1fdc13de64cfdb8ba3fcd71aad9d33d3

SHA1
b7649cfd66d751435fa56a4b4b20daace452c692

SHA256
fa890605b23aecfebe4300d159f10096cfaba982a942c8ce829617b3de36a783

SHA512
3c9dc261a1f0a96d4433d60de03423d58f0bd63dbf5db48962372658103f16991f6da06c1670deea1e51efd2a15aae699d1d287ee377e0a457299a7dd9f691a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json

Filesize
3KB

MD5
24543bd90dd412f1168c9f7b37c3c3f1

SHA1
803ab97a288de2e392a58801790d97ba0c35bc89

SHA256
c0707d04ec7c00463287f3c884854c532fc722b59945561bdceef5fe3052c127

SHA512
c0177a3e4ac1c1180e31a7533f79003f453045f0bbe5cc2671026e7c4538c02f27e1402de665f153e5bc67e7f01f0b48a18bb81694b2557c5755ad044e7d2516

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit
C:\Users\Admin\Downloads\Bezilom.exe

Filesize
28KB

MD5
8e9d7feb3b955e6def8365fd83007080

SHA1
df7522e270506b1a2c874700a9beeb9d3d233e23

SHA256
94d2b1da2c4ce7db94ee9603bc2f81386032687e7c664aff6460ba0f5dac0022

SHA512
4157a5628dc7f47489be2c30dbf2b14458a813eb66e942bba881615c101df25001c09afb9a54f88831fa4c1858f42d897f8f55fbf6b4c1a82d2509bd52ba1536

Download Submit
C:\Users\Admin\Downloads\Bezilom.exe:Zone.Identifier

Filesize
50B

MD5
dce5191790621b5e424478ca69c47f55

SHA1
ae356a67d337afa5933e3e679e84854deeace048

SHA256
86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8

SHA512
a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

Download Submit
C:\Users\Admin\Downloads\CrimsonRAT.exe

Filesize
84KB

MD5
b6e148ee1a2a3b460dd2a0adbf1dd39c

SHA1
ec0efbe8fd2fa5300164e9e4eded0d40da549c60

SHA256
dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba

SHA512
4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

Download Submit
memory/2588-462-0x00007FF8A3370000-0x00007FF8A3D5C000-memory.dmp

Filesize
9.9MB

Download
memory/2588-392-0x00007FF8A3370000-0x00007FF8A3D5C000-memory.dmp

Filesize
9.9MB

Download
memory/2588-390-0x00007FF8A3370000-0x00007FF8A3D5C000-memory.dmp

Filesize
9.9MB

Download
memory/2588-391-0x000002A2D5E30000-0x000002A2D6744000-memory.dmp

Filesize
9.1MB

Download
memory/2692-394-0x00007FF8A3370000-0x00007FF8A3D5C000-memory.dmp

Filesize
9.9MB

Download
memory/2692-364-0x00007FF8A3370000-0x00007FF8A3D5C000-memory.dmp

Filesize
9.9MB

Download
memory/2692-363-0x0000017E7ED20000-0x0000017E7ED3E000-memory.dmp

Filesize
120KB

Download
memory/2692-362-0x00007FF8A3373000-0x00007FF8A3374000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads