7aafcde2226638b90444930cc84259526b8e4055a4d05b3a67e29fc28e071ac4

Analysis

max time kernel
120s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28661d8a840f756fce1e50713b94b4d0N.exe
Size

3.1MB
MD5

28661d8a840f756fce1e50713b94b4d0
SHA1

099f1ecd92d47c0b24099c06fdfcc203a767e6be
SHA256

7aafcde2226638b90444930cc84259526b8e4055a4d05b3a67e29fc28e071ac4
SHA512

79850d82702e3d78ed7699603ddf44abc5759267e6ddf51b9f4ef9112ebd13b16d4093ce1a0d220652ed11aee2dcc83aaa8103b08189c866e9e8bcd1db360372
SSDEEP

98304:14x9oOsNvCVcZoI5uLJGNBRo524lVsLA1:m96C2oiNBRo526VsLA

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	28661d8a840f756fce1e50713b94b4d0N.exe

AutoIT Executable 12 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/2500-356-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe
behavioral2/memory/2500-365-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe
behavioral2/memory/2500-366-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe
behavioral2/memory/2500-519-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe
behavioral2/memory/2500-1698-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe
behavioral2/memory/2500-2475-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe
behavioral2/memory/2500-2476-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe
behavioral2/memory/2500-2483-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe
behavioral2/memory/2500-2484-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe
behavioral2/memory/2500-2485-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe
behavioral2/memory/2500-2486-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe
behavioral2/memory/2500-2487-0x0000000000170000-0x0000000000C56000-memory.dmp	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 13 IoCs

pid	Process
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	28661d8a840f756fce1e50713b94b4d0N.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	216	firefox.exe
Token: SeDebugPrivilege	216	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
216	firefox.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe
2500	28661d8a840f756fce1e50713b94b4d0N.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2500	28661d8a840f756fce1e50713b94b4d0N.exe
216	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 4528	2500	28661d8a840f756fce1e50713b94b4d0N.exe	86
PID 2500 wrote to memory of 4528	2500	28661d8a840f756fce1e50713b94b4d0N.exe	86
PID 4528 wrote to memory of 216	4528	firefox.exe	88
PID 4528 wrote to memory of 216	4528	firefox.exe	88
PID 4528 wrote to memory of 216	4528	firefox.exe	88
PID 4528 wrote to memory of 216	4528	firefox.exe	88
PID 4528 wrote to memory of 216	4528	firefox.exe	88
PID 4528 wrote to memory of 216	4528	firefox.exe	88
PID 4528 wrote to memory of 216	4528	firefox.exe	88
PID 4528 wrote to memory of 216	4528	firefox.exe	88
PID 4528 wrote to memory of 216	4528	firefox.exe	88
PID 4528 wrote to memory of 216	4528	firefox.exe	88
PID 4528 wrote to memory of 216	4528	firefox.exe	88
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 2212	216	firefox.exe	89
PID 216 wrote to memory of 4232	216	firefox.exe	90
PID 216 wrote to memory of 4232	216	firefox.exe	90
PID 216 wrote to memory of 4232	216	firefox.exe	90
PID 216 wrote to memory of 4232	216	firefox.exe	90
PID 216 wrote to memory of 4232	216	firefox.exe	90
PID 216 wrote to memory of 4232	216	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\28661d8a840f756fce1e50713b94b4d0N.exe
"C:\Users\Admin\AppData\Local\Temp\28661d8a840f756fce1e50713b94b4d0N.exe"
1⤵
- Checks computer location settings
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:216
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8503746-bd3e-4845-9189-cdb61ef39ebf} 216 "\\.\pipe\gecko-crash-server-pipe.216" gpu
      4⤵
      PID:2212
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c394771-aca3-4837-8c60-b0592c3fe8c8} 216 "\\.\pipe\gecko-crash-server-pipe.216" socket
      4⤵
      PID:4232
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3116 -childID 1 -isForBrowser -prefsHandle 3308 -prefMapHandle 3284 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93a8f1e1-8447-4934-bba7-a92b88c56bf3} 216 "\\.\pipe\gecko-crash-server-pipe.216" tab
      4⤵
      PID:3900
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3152 -childID 2 -isForBrowser -prefsHandle 3728 -prefMapHandle 2800 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4a474f1-6d0a-4b55-aec3-b60bcc34d9f7} 216 "\\.\pipe\gecko-crash-server-pipe.216" tab
      4⤵
      PID:2556
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4672 -prefMapHandle 4668 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {167d2018-a504-44b2-8cec-933cd32d51e7} 216 "\\.\pipe\gecko-crash-server-pipe.216" utility
      4⤵
      Checks processor information in registry
      PID:4684
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 3 -isForBrowser -prefsHandle 5420 -prefMapHandle 5416 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bd42d72-043e-4213-8a55-70fddcb0c319} 216 "\\.\pipe\gecko-crash-server-pipe.216" tab
      4⤵
      PID:3160
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5560 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71507eaf-8fb6-43c1-bb3f-ad61ae2b129d} 216 "\\.\pipe\gecko-crash-server-pipe.216" tab
      4⤵
      PID:5116
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 5 -isForBrowser -prefsHandle 5592 -prefMapHandle 5596 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e47100a-a688-4bd4-bede-c9fd2eb33ed6} 216 "\\.\pipe\gecko-crash-server-pipe.216" tab
      4⤵
      PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
e0757d5041bdd015dd5737ac46c3abf0

SHA1
5277905edf24cee3ea3ae7d0b852438608fafbb9

SHA256
4ecc805ed3a49e81a79604cdb9094fb215fa7ddaa9bd1ee504c8eaabb4030b93

SHA512
82af571712767c613940a76270de6ba712895c3c71c7712c3a51747d77339738c1f28101fb296cc7871d8bf1b08c26d1c8ac3e20e5769869c59d98627a0bec33

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
f37f5ad327ccb43b8a8c538e111c3c5a

SHA1
64ca35c0ba938209249417c653c10160a7f39a57

SHA256
cc183f7596bfa8411aac572867ff443ab6b9b71b8c175d3b82455769ebbff895

SHA512
4e600ad76765389c69349fa9fc10f42f43e83545a78278c354442bc3c23c010b12b3ed9eef71804e80ac7135ecbd2c50252d401cb3b880e64ce0ab174e6a6bc6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
d0c476a72a33075df1ebf7c334c6a298

SHA1
a064701c3fd9e21b0daf4de2bf09154c080e4398

SHA256
a6b83dbc19c54e6c72ce258ef84f334c47ffeafb2a7f3ce1a88cc688efe08bcc

SHA512
65a32f8977fc1d2c58e6154283bc17d3cf2aada93602b9a585d68cbc88a5f6086c85c27695eab1d95b353c17bf5bf1cb14b1be294f3519d5355548eb46e8d69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
10KB

MD5
775bebf1887921b8073ab0232224195b

SHA1
c4052b6f8bc811fa9b0798aa11271449b16e2a59

SHA256
c140dd9f40d6a13052ded5b57827cecf099156aead8d4f23c58fdb1791a2df83

SHA512
85c7d8856cd35624d1655a7062c356c78c8185e98ba6546c4777162cd94a0c9ae834cbe1b9ea9144e9837ce13692c35bf846e294f7c014adf9970c827492821c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8e27995fe319d636ac74733afa4f481d

SHA1
0710d9c0af635b7360cbce1a297bc5a3cc276a29

SHA256
3f67ac689c1fd978932e8aa3582a8d199433c55e56077b65f7c17a8478323726

SHA512
d196c9ff8ce71f718bab6807665f7f8eed47295f2771047fee6e83ad12bc2d40488595878ce3b7e408dd64d03ca0a00287dc107490ef5758006dc9b394921186

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
8e78735365e9d23284a8829b01047a2d

SHA1
50658f00fd54a0a1c6190ca094895abe0d32dbe1

SHA256
22fc8653b05ba2f29ab2ebd47b1e10eb74e9325db932a950d147d7d8b3058d63

SHA512
54c3badadbfd29eb8e3cb56b92841f66edc074ca65ab40d68c5f0bd66e28d3f00c7991250e557dd83a41082f55532c3213e0ed72825fdde4fc81d5327e9fabae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\0b952e22-b0c1-485b-852a-364c6978ccc6

Filesize
982B

MD5
2d2bc26e61dfa3bf5217ab4503eb4182

SHA1
5528ea3a9577bb91f382857683239d47f11ecb1c

SHA256
6bec2245a4df1f215bfffdec3fd9143c7c23ad56b7d72c591dafedee277fe734

SHA512
2dd892f121a947a271d2e33b5916398041c8092565173ae7fd3f63fa2f8a4e6eb54a161d99dd1d5e57f441c8967918832608e8467eb706825e851bcc1455b25a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\87e062d7-4ed5-4a83-bf51-39ddf9b75a24

Filesize
671B

MD5
bf928769871154112cac39e2e7935b57

SHA1
a8fa0f752f591da7aa5272611b0916ea82d81144

SHA256
f40e6a4083c6485c2b5c06d072b361b5897e19b6a541a7ecfb694b390a7a37a8

SHA512
c6af3ac05e4e453ae047c124a77c346c496ab24c0b524197113a8b9f5f16e556d5a6e28fa141a78ab6625770393f358c3c8aac33fcf1319c372bfc530898fbb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\e3701464-8289-4e39-bae6-34ae5e660ce6

Filesize
26KB

MD5
8633e136b614762a56c6be40b48952b5

SHA1
a7e17f3d95b3da69b778bfe66f64a09e35c66c08

SHA256
0a80dc9646b7fb524faad3e2cecce81f4e60d863665a55260cd65079e9822d08

SHA512
44e977bbb3d871e4cf211ccf586f6f41316c593b63cf04e7164e8dd15b2e79cb39d980f442d52e2f6d70b21e749f1045a8390795a14f94bf2a87ab2d9d517478

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

Filesize
13KB

MD5
37559107e36d3a8af2d0693f03108c6f

SHA1
626286d16c665e35e0a712546f3f596106135aa9

SHA256
4f7edb1d61c2cbdfafc4cd7d8172c96f976e53ed518800d6631d8bde53dd4186

SHA512
c795b2449bc4c59b64fb928d342641cff1d0cac4a2563551f630a4140fc37369853ed485ccc08950154a8a0c2d4ec0eafe28a58b44870e6c37ec8c9da9884ed0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

Filesize
16KB

MD5
9b2db130a1a7204c6aac9eab8acd4f61

SHA1
87a6e72dfd817f729bdceaaa9710ee9b51a8806b

SHA256
b0a002e8d2ec56d197b37ea8cad1d6d2049e1106235f8ded3ada024f3b133da5

SHA512
49295de64825f676a4e6d06742c30613e8b8712eaff5e5ec264ee6bb5e0e8804f3043ea5c29bea68ee1b14db7eac3a8dc3f5760d5357a6cd6f00255aa7ebb4a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js

Filesize
11KB

MD5
dbe565e9750fd8f3f3f156b5b507bd9f

SHA1
97c44140f5b503d053cf6bc2bf03dee09497a386

SHA256
d6abc212ccede78af0c778c62d8271c4bed6136e4db7867fcf94025bd6403b96

SHA512
6adc3cb220fde2b64405c386279746b243ea8fddd58d0438ba9519bf23d66ce81a3fb4d4f61464fcfe11228353561c971963f130479afd81567942ca3d5d0257

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js

Filesize
11KB

MD5
e847b49a2df3b467a84d2a77e5b0d872

SHA1
bf64456507edd4ec602765f175a393d1777f8d7e

SHA256
aa0c044c63acfacd2adfa436f7333a86cecef7992c60a029c522c5ea179ccd10

SHA512
4c626cc3891615021eb3d9c96000973d4407b631f9948056e2d809a39a5caf17a466f705498ccd993dacde67a4b1efdcd2291591498381e0c12ab7e3dc0dedcc

Download Submit
memory/2500-0-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-366-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-2-0x00000000777D2000-0x00000000777D3000-memory.dmp

Filesize
4KB

Download
memory/2500-519-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-1-0x00000000FED60000-0x00000000FF131000-memory.dmp

Filesize
3.8MB

Download
memory/2500-371-0x00000000FED60000-0x00000000FF131000-memory.dmp

Filesize
3.8MB

Download
memory/2500-365-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-356-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-1698-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-2475-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-2476-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-2483-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-2484-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-2485-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-2486-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download
memory/2500-2487-0x0000000000170000-0x0000000000C56000-memory.dmp

Filesize
10.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads