Analysis

  • max time kernel
    314s
  • max time network
    376s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64
    arch:x86
    image:win10-20240404-en
    locale:en-us
    os:windows10-1703-x64
    system
  • submitted
    28/08/2024, 01:26 UTC

General

  • Target

    python-3.12.5-amd64.exe

  • Size

    25.3MB

  • MD5

    bbcb2fcf9d739f776fb6414afc12c80d

  • SHA1

    2d78877db5a8da134ab54ed952b961a7e750ec7d

  • SHA256

    44810512af577ca70b3269b8570b10825ec2ace2b86e4297e767a0f4c0ee8bfd

  • SHA512

    0572c6345f6a4f7f3e5c2ff858e3ca7ca54ae4478f3d59d8e18cb0f596e61dcf12aef579db229e83d63b30f15d6684ee6bb3feaea9413e5e636a503933057678

  • SSDEEP

    786432:jKEO2c6viGKJXI95MB6K3qtY9a3YiVTfwtzWo2CB8:XHiRuVKCY9a3YiRws6B8

Score
4/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\python-3.12.5-amd64.exe
    "C:\Users\Admin\AppData\Local\Temp\python-3.12.5-amd64.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:500
    • C:\Windows\Temp\{F71AB88E-09C4-4812-8037-B890D3B0DEA6}\.cr\python-3.12.5-amd64.exe
      "C:\Windows\Temp\{F71AB88E-09C4-4812-8037-B890D3B0DEA6}\.cr\python-3.12.5-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\python-3.12.5-amd64.exe" -burn.filehandle.attached=524 -burn.filehandle.self=532
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:5044
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4584
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:632
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="632.0.1633449770\1227205992" -parentBuildID 20221007134813 -prefsHandle 1728 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fda71460-7427-4f88-a59b-99571a65558c} 632 "\\.\pipe\gecko-crash-server-pipe.632" 1808 205a2fd6158 gpu
        3⤵
          PID:1356
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="632.1.1982920495\715932537" -parentBuildID 20221007134813 -prefsHandle 2152 -prefMapHandle 2148 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ebdca97-3e95-4de4-9cff-ef8f8b7f5613} 632 "\\.\pipe\gecko-crash-server-pipe.632" 2164 205a2efad58 socket
          3⤵
          • Checks processor information in registry
          PID:204
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="632.2.895387021\1758922731" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2680 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2309f49c-d12b-4101-ad06-2b27923e7415} 632 "\\.\pipe\gecko-crash-server-pipe.632" 2856 205a2f5b458 tab
          3⤵
            PID:3308
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="632.3.986054480\574663988" -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ebc2023-94b3-42b2-b3b4-1e3ae82a1e18} 632 "\\.\pipe\gecko-crash-server-pipe.632" 3524 20590d62558 tab
            3⤵
              PID:3796
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="632.4.1626208219\1617274761" -childID 3 -isForBrowser -prefsHandle 4208 -prefMapHandle 4204 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {355b8ef5-60dd-44e6-88f2-854a60f82557} 632 "\\.\pipe\gecko-crash-server-pipe.632" 4220 205a8ff6958 tab
              3⤵
                PID:748
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="632.5.1358584345\1201355811" -childID 4 -isForBrowser -prefsHandle 4620 -prefMapHandle 4672 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ef9f517-4ede-4485-9ca2-f9b489517310} 632 "\\.\pipe\gecko-crash-server-pipe.632" 4680 20590d62858 tab
                3⤵
                  PID:1600
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="632.6.748108104\198678381" -childID 5 -isForBrowser -prefsHandle 4816 -prefMapHandle 4820 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a418f7d-db6c-4029-8bfc-6106a57f1e7e} 632 "\\.\pipe\gecko-crash-server-pipe.632" 4900 205a9332358 tab
                  3⤵
                    PID:3448
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="632.7.476163657\1604442667" -childID 6 -isForBrowser -prefsHandle 5008 -prefMapHandle 5012 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb9115e3-eda2-4aac-a76a-567957f7b743} 632 "\\.\pipe\gecko-crash-server-pipe.632" 5092 205a9bd3c58 tab
                    3⤵
                      PID:4568
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="632.8.884026708\24423689" -childID 7 -isForBrowser -prefsHandle 5484 -prefMapHandle 5488 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcd1b85b-ff45-41b5-b2aa-892e36494168} 632 "\\.\pipe\gecko-crash-server-pipe.632" 3444 205a9331d58 tab
                      3⤵
                        PID:2256
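The tree above has two roots: the submitted installer (PID 500), whose only child is the copy it re-launched from C:\Windows\Temp\{GUID}\.cr\ with -burn.clean.room (the WiX Burn "clean room" step, and the process that carries the "Executes dropped EXE" and "Loads dropped DLL" signatures), and a Firefox tree that does not descend from the sample at all. The Python below is an added example, not part of the Triage report: it rebuilds the tree from this section (parent PIDs are not printed on the page and are inferred from the nesting; only a subset of the Firefox content processes is kept, with their long option lists trimmed), separates the sample's lineage from unrelated roots, and checks that the clean-room copy is self-consistent with the origin it names. The record layout and function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]  # None for a root of the tree
    image: str
    cmdline: str


FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\python-3.12.5-amd64.exe"
CLEAN_ROOM = r"C:\Windows\Temp\{F71AB88E-09C4-4812-8037-B890D3B0DEA6}\.cr\python-3.12.5-amd64.exe"

# Constructed from the report's Processes section. The page prints no parent
# PIDs; they are inferred here from the tree nesting (depth 1 -> 2 -> 3).
PROCS: List[Proc] = [
    Proc(500, None, SAMPLE, f'"{SAMPLE}"'),
    Proc(5044, 500, CLEAN_ROOM,
         f'"{CLEAN_ROOM}" -burn.clean.room="{SAMPLE}" '
         "-burn.filehandle.attached=524 -burn.filehandle.self=532"),
    Proc(4584, None, FIREFOX, f'"{FIREFOX}"'),
    Proc(632, 4584, FIREFOX, f'"{FIREFOX}"'),
    Proc(1356, 632, FIREFOX, f'"{FIREFOX}" -contentproc gpu'),
    Proc(204, 632, FIREFOX, f'"{FIREFOX}" -contentproc -win32kLockedDown socket'),
    Proc(3308, 632, FIREFOX, f'"{FIREFOX}" -contentproc -childID 1 -isForBrowser tab'),
]

# -burn.clean.room="<original exe>" is the argument WiX Burn passes to the copy
# of itself that it re-launches from a fresh directory under %WINDIR%\Temp\{GUID}\.cr\.
CLEAN_ROOM_ARG = re.compile(r'-burn\.clean\.room="([^"]+)"')
CLEAN_ROOM_DIR = re.compile(
    r"\\Windows\\Temp\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\\.cr\\", re.I)


def by_pid(procs: List[Proc]) -> Dict[int, Proc]:
    return {p.pid: p for p in procs}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def lineage(procs: List[Proc], root_pid: int) -> Set[int]:
    """All PIDs reachable from root_pid through parent links (root included)."""
    children: Dict[Optional[int], List[int]] = {}
    for p in procs:
        children.setdefault(p.ppid, []).append(p.pid)
    seen: Set[int] = set()
    stack = [root_pid]
    while stack:
        pid = stack.pop()
        if pid in seen:
            continue
        seen.add(pid)
        stack.extend(children.get(pid, []))
    return seen


def burn_clean_room(proc: Proc, table: Dict[int, Proc]) -> Optional[dict]:
    """Recognise a Burn clean-room re-launch and check it is self-consistent:
    the copy lives in the expected directory, keeps the original file name,
    and was spawned by the very executable it names as its origin."""
    m = CLEAN_ROOM_ARG.search(proc.cmdline)
    if not m:
        return None
    origin = m.group(1)
    parent = table.get(proc.ppid) if proc.ppid is not None else None
    result = {
        "origin": origin,
        "in_clean_room_dir": bool(CLEAN_ROOM_DIR.search(proc.image)),
        "same_name": basename(origin) == basename(proc.image),
        "parent_matches": parent is not None and parent.image.lower() == origin.lower(),
    }
    result["consistent"] = all(
        result[k] for k in ("in_clean_room_dir", "same_name", "parent_matches"))
    return result


def triage(procs: List[Proc], sample_pid: int) -> dict:
    """Split the tree into the sample's lineage and unrelated roots, and
    collect clean-room findings for every process in the tree."""
    table = by_pid(procs)
    sample = lineage(procs, sample_pid)
    unrelated_roots = [p.pid for p in procs if p.ppid is None and p.pid not in sample]
    clean_room = {}
    for p in procs:
        finding = burn_clean_room(p, table)
        if finding:
            clean_room[p.pid] = finding
    return {"sample_lineage": sorted(sample),
            "unrelated_roots": unrelated_roots,
            "clean_room": clean_room}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(PROCS, 500), indent=2))
```

A clean-room copy whose parent is not the executable named in -burn.clean.room, or that lands outside the {GUID}\.cr\ directory, is worth a second look; one that passes all three checks is the ordinary WiX installer pattern and explains the two "dropped" signatures without any further behaviour.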

                  Network

                  • flag-us
                    DNS
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN A
                    Response
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN A
                    34.160.144.191
                  • flag-us
                    DNS
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN AAAA
                    2600:1901:0:92a9::
                  • flag-us
                    DNS
                    shavar.prod.mozaws.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    shavar.prod.mozaws.net
                    IN A
                    Response
                    shavar.prod.mozaws.net
                    IN A
                    44.226.249.47
                    shavar.prod.mozaws.net
                    IN A
                    44.239.24.213
                    shavar.prod.mozaws.net
                    IN A
                    54.71.162.254
                  • flag-us
                    DNS
                    shavar.prod.mozaws.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    shavar.prod.mozaws.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    shavar.prod.mozaws.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    shavar.prod.mozaws.net
                    IN AAAA
                  • flag-us
                    DNS
                    254.162.71.54.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    254.162.71.54.in-addr.arpa
                    IN PTR
                    Response
                    254.162.71.54.in-addr.arpa
                    IN PTR
                    ec2-54-71-162-254.us-west-2.compute.amazonaws.com
                  • flag-us
                    DNS
                    254.162.71.54.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    254.162.71.54.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    166.188.117.34.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    166.188.117.34.in-addr.arpa
                    IN PTR
                    Response
                    166.188.117.34.in-addr.arpa
                    IN PTR
                    166.188.117.34.bc.googleusercontent.com
                  • flag-us
                    DNS
                    166.188.117.34.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    166.188.117.34.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    Response
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    34.149.100.209
                  • flag-us
                    DNS
                    prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN A
                    Response
                    www.google.com
                    IN A
                    142.250.179.228
                  • flag-gb
                    GET
                    https://www.google.com/search?client=firefox-b-d&q=wanacry+ransowmare+odwnload
                    firefox.exe
                    Remote address:
                    142.250.179.228:443
                    Request
                    GET /search?client=firefox-b-d&q=wanacry+ransowmare+odwnload HTTP/2.0
                    host: www.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    upgrade-insecure-requests: 1
                    sec-fetch-dest: document
                    sec-fetch-mode: navigate
                    sec-fetch-site: none
                    sec-fetch-user: ?1
                    te: trailers
                    Response
                    HTTP/2.0 429
                    date: Wed, 28 Aug 2024 01:27:36 GMT
                    pragma: no-cache
                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                    cache-control: no-store, no-cache, must-revalidate
                    content-type: text/html
                    server: HTTP server (unknown)
                    content-length: 3232
                  • flag-gb
                    GET
                    https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fclient%3Dfirefox-b-d%26q%3Dwanacry%2Bransowmare%2Bodwnload&q=EgTCbg1GGP_5ubYGIjBkAR_4f5j7SEs4PW4L7al-0KgzDXDQxJbr4Ky80xScmwa20BWZlr7J2d0qBxpIpz8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                    firefox.exe
                    Remote address:
                    142.250.179.228:443
                    Request
                    GET /sorry/index?continue=https://www.google.com/search%3Fclient%3Dfirefox-b-d%26q%3Dwanacry%2Bransowmare%2Bodwnload&q=EgTCbg1GGP_5ubYGIjBkAR_4f5j7SEs4PW4L7al-0KgzDXDQxJbr4Ky80xScmwa20BWZlr7J2d0qBxpIpz8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
                    host: www.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    cookie: AEC=AVYB7crQbMxEqmsJEPabBfLwcjHEYVi9xi_Aegkm7SZXwOrHJ21vtxnVYg
                    cookie: __Secure-ENID=21.SE=ED5N2NDfWqzQACPDRUklqKP485SkpgCjcEFt1XvHN4doxJdGX3AKgOwhlj-V-v6ZKOVNA47DGh8itTRXrwOlquFKSiw1x4tHAqAZysKETrYIZqqbUO6KBk66tm5ExvZ0aGR8BEAMxNaL5NvgpqIWKo-YK_wt4c1IaRovBehUbyyR808tf-wkfp9-ED2R
                    upgrade-insecure-requests: 1
                    sec-fetch-dest: document
                    sec-fetch-mode: navigate
                    sec-fetch-site: none
                    sec-fetch-user: ?1
                    te: trailers
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN A
                    Response
                    www.google.com
                    IN A
                    142.250.179.228
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN AAAA
                    Response
                    www.google.com
                    IN AAAA
                    2a00:1450:4009:81d::2004
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN AAAA
                  • flag-us
                    DNS
                    228.179.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    228.179.250.142.in-addr.arpa
                    IN PTR
                    Response
                    228.179.250.142.in-addr.arpa
                    IN PTR
                    lhr25s31-in-f4.1e100.net
                  • flag-us
                    DNS
                    228.179.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    228.179.250.142.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    228.179.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    228.179.250.142.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    3.178.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    3.178.250.142.in-addr.arpa
                    IN PTR
                    Response
                    3.178.250.142.in-addr.arpa
                    IN PTR
                    lhr48s27-in-f3.1e100.net
                  • flag-us
                    DNS
                    195.187.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    195.187.250.142.in-addr.arpa
                    IN PTR
                    Response
                    195.187.250.142.in-addr.arpa
                    IN PTR
                    lhr25s33-in-f3.1e100.net
                  • flag-us
                    DNS
                    19.229.111.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    19.229.111.52.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    136.71.105.51.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    136.71.105.51.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    172.214.232.199.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    172.214.232.199.in-addr.arpa
                    IN PTR
                    Response
                  • 127.0.0.1:49831
                    firefox.exe
                  • 127.0.0.1:49837
                    firefox.exe
                  • 142.250.179.228:443
                    https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fclient%3Dfirefox-b-d%26q%3Dwanacry%2Bransowmare%2Bodwnload&q=EgTCbg1GGP_5ubYGIjBkAR_4f5j7SEs4PW4L7al-0KgzDXDQxJbr4Ky80xScmwa20BWZlr7J2d0qBxpIpz8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                    tls, http2
                    firefox.exe
                    5.3kB
                    12.3kB
                    32
                    29

                    HTTP Request

                    GET https://www.google.com/search?client=firefox-b-d&q=wanacry+ransowmare+odwnload

                    HTTP Request

                    GET https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fclient%3Dfirefox-b-d%26q%3Dwanacry%2Bransowmare%2Bodwnload&q=EgTCbg1GGP_5ubYGIjBkAR_4f5j7SEs4PW4L7al-0KgzDXDQxJbr4Ky80xScmwa20BWZlr7J2d0qBxpIpz8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

                    HTTP Response

                    429
                  • 8.8.8.8:53
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    103 B
                    119 B
                    1
                    1

                    DNS Request

                    prod.content-signature-chains.prod.webservices.mozgcp.net

                    DNS Response

                    34.160.144.191

                  • 8.8.8.8:53
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    103 B
                    131 B
                    1
                    1

                    DNS Request

                    prod.content-signature-chains.prod.webservices.mozgcp.net

                    DNS Response

                    2600:1901:0:92a9::

                  • 8.8.8.8:53
                    shavar.prod.mozaws.net
                    dns
                    firefox.exe
                    68 B
                    116 B
                    1
                    1

                    DNS Request

                    shavar.prod.mozaws.net

                    DNS Response

                    44.226.249.47
                    44.239.24.213
                    54.71.162.254

                  • 8.8.8.8:53
                    shavar.prod.mozaws.net
                    dns
                    firefox.exe
                    136 B
                    153 B
                    2
                    1

                    DNS Request

                    shavar.prod.mozaws.net

                    DNS Request

                    shavar.prod.mozaws.net

                  • 8.8.8.8:53
                    254.162.71.54.in-addr.arpa
                    dns
                    144 B
                    135 B
                    2
                    1

                    DNS Request

                    254.162.71.54.in-addr.arpa

                    DNS Request

                    254.162.71.54.in-addr.arpa

                  • 8.8.8.8:53
                    166.188.117.34.in-addr.arpa
                    dns
                    146 B
                    126 B
                    2
                    1

                    DNS Request

                    166.188.117.34.in-addr.arpa

                    DNS Request

                    166.188.117.34.in-addr.arpa

                  • 8.8.8.8:53
                    prod.remote-settings.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    94 B
                    110 B
                    1
                    1

                    DNS Request

                    prod.remote-settings.prod.webservices.mozgcp.net

                    DNS Response

                    34.149.100.209

                  • 8.8.8.8:53
                    prod.remote-settings.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    94 B
                    187 B
                    1
                    1

                    DNS Request

                    prod.remote-settings.prod.webservices.mozgcp.net

                  • 8.8.8.8:53
                    www.google.com
                    dns
                    firefox.exe
                    60 B
                    76 B
                    1
                    1

                    DNS Request

                    www.google.com

                    DNS Response

                    142.250.179.228

                  • 8.8.8.8:53
                    www.google.com
                    dns
                    firefox.exe
                    60 B
                    76 B
                    1
                    1

                    DNS Request

                    www.google.com

                    DNS Response

                    142.250.179.228

                  • 8.8.8.8:53
                    www.google.com
                    dns
                    firefox.exe
                    120 B
                    88 B
                    2
                    1

                    DNS Request

                    www.google.com

                    DNS Request

                    www.google.com

                    DNS Response

                    2a00:1450:4009:81d::2004

                  • 8.8.8.8:53
                    228.179.250.142.in-addr.arpa
                    dns
                    222 B
                    112 B
                    3
                    1

                    DNS Request

                    228.179.250.142.in-addr.arpa

                    DNS Request

                    228.179.250.142.in-addr.arpa

                    DNS Request

                    228.179.250.142.in-addr.arpa

                  • 142.250.179.228:443
                    www.google.com
                    https
                    firefox.exe
                    21.2kB
                    74.4kB
                    43
                    86
                  • 8.8.8.8:53
                    3.178.250.142.in-addr.arpa
                    dns
                    72 B
                    110 B
                    1
                    1

                    DNS Request

                    3.178.250.142.in-addr.arpa

                  • 8.8.8.8:53
                    195.187.250.142.in-addr.arpa
                    dns
                    74 B
                    112 B
                    1
                    1

                    DNS Request

                    195.187.250.142.in-addr.arpa

                  • 8.8.8.8:53
                    19.229.111.52.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    19.229.111.52.in-addr.arpa

                  • 8.8.8.8:53
                    136.71.105.51.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    136.71.105.51.in-addr.arpa

                  • 8.8.8.8:53
                    172.214.232.199.in-addr.arpa
                    dns
                    74 B
                    128 B
                    1
                    1

                    DNS Request

                    172.214.232.199.in-addr.arpa
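Every flow in this section is attributed to firefox.exe or to no process at all; the sample's own processes (PIDs 500 and 5044) issued no DNS queries and opened no connections, and the HTTP 429 with the /sorry/ interstitial from www.google.com is Google rate-limiting the sandbox's egress address, not installer behaviour. The Python below is an added example, not part of the Triage report: it rebuilds a passive-DNS map from the answers above, maps the reverse lookups back to the addresses they name, and attributes each connection to a process, flagging any non-loopback destination that no DNS answer ever returned (a common tell for a hard-coded command-and-control address). The records are transcribed from this section with only answered queries kept and some reverse lookups omitted; the record layout, the sample image set and the function names are this example's own.

```python
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# (process, queried name, record type, answer data) transcribed from the
# report's Network section. process=None marks lookups the page attributes
# to no process.
DnsAnswer = Tuple[Optional[str], str, str, List[str]]
DNS_ANSWERS: List[DnsAnswer] = [
    ("firefox.exe", "prod.content-signature-chains.prod.webservices.mozgcp.net", "A", ["34.160.144.191"]),
    ("firefox.exe", "prod.content-signature-chains.prod.webservices.mozgcp.net", "AAAA", ["2600:1901:0:92a9::"]),
    ("firefox.exe", "shavar.prod.mozaws.net", "A", ["44.226.249.47", "44.239.24.213", "54.71.162.254"]),
    (None, "254.162.71.54.in-addr.arpa", "PTR", ["ec2-54-71-162-254.us-west-2.compute.amazonaws.com"]),
    (None, "166.188.117.34.in-addr.arpa", "PTR", ["166.188.117.34.bc.googleusercontent.com"]),
    ("firefox.exe", "prod.remote-settings.prod.webservices.mozgcp.net", "A", ["34.149.100.209"]),
    ("firefox.exe", "www.google.com", "A", ["142.250.179.228"]),
    ("firefox.exe", "www.google.com", "AAAA", ["2a00:1450:4009:81d::2004"]),
    (None, "228.179.250.142.in-addr.arpa", "PTR", ["lhr25s31-in-f4.1e100.net"]),
]

# (process, remote address, remote port, protocol) from the connection list.
CONNECTIONS = [
    ("firefox.exe", "127.0.0.1", 49831, None),
    ("firefox.exe", "127.0.0.1", 49837, None),
    ("firefox.exe", "142.250.179.228", 443, "tls, http2"),
]

# Image names that belong to the submitted sample (assumed for this example).
SAMPLE_IMAGES: Set[str] = {"python-3.12.5-amd64.exe"}


def arpa_to_ip(name: str) -> Optional[str]:
    """Turn an in-addr.arpa / ip6.arpa name back into the address it refers
    to, validating the result by regenerating the reverse pointer."""
    n = name.rstrip(".").lower()
    try:
        if n.endswith(".in-addr.arpa"):
            labels = n[: -len(".in-addr.arpa")].split(".")
            cand = ipaddress.IPv4Address(".".join(reversed(labels)))
        elif n.endswith(".ip6.arpa"):
            labels = n[: -len(".ip6.arpa")].split(".")
            cand = ipaddress.IPv6Address(int("".join(reversed(labels)), 16))
        else:
            return None
    except ValueError:
        return None
    return str(cand) if cand.reverse_pointer == n else None


def passive_dns(answers: List[DnsAnswer]) -> Dict[str, Set[str]]:
    """name -> every address any A/AAAA answer returned for it."""
    fwd: Dict[str, Set[str]] = {}
    for _, name, rtype, data in answers:
        if rtype in ("A", "AAAA"):
            fwd.setdefault(name.lower(), set()).update(data)
    return fwd


def reverse_dns(answers: List[DnsAnswer]) -> Dict[str, str]:
    """address -> PTR target, keyed by the address the arpa name encodes."""
    rev: Dict[str, str] = {}
    for _, name, rtype, data in answers:
        if rtype == "PTR" and data:
            ip = arpa_to_ip(name)
            if ip:
                rev[ip] = data[0]
    return rev


def attribute(connections, answers: List[DnsAnswer], sample_images: Set[str]) -> dict:
    """Attribute each connection to its process, to the names that resolved
    to its address, and to a PTR record if one was looked up."""
    ip_to_names: Dict[str, Set[str]] = {}
    for name, ips in passive_dns(answers).items():
        for ip in ips:
            ip_to_names.setdefault(ip, set()).add(name)
    rev = reverse_dns(answers)
    findings = []
    for proc, ip, port, proto in connections:
        addr = ipaddress.ip_address(ip)
        findings.append({
            "process": proc,
            "remote": f"{ip}:{port}",
            "proto": proto,
            "loopback": addr.is_loopback,
            "from_sample": proc in sample_images,
            "resolved_as": sorted(ip_to_names.get(ip, ())),
            "ptr": rev.get(ip),
            # A routable destination that no DNS answer produced: hard-coded address.
            "unresolved": not addr.is_loopback and ip not in ip_to_names,
        })
    return {
        "connections": findings,
        "sample_connections": [f for f in findings if f["from_sample"]],
        "unresolved": [f["remote"] for f in findings if f["unresolved"]],
        "unattributed_lookups": sorted({name for proc, name, _, _ in answers if proc is None}),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(attribute(CONNECTIONS, DNS_ANSWERS, SAMPLE_IMAGES), indent=2))
```

Run against this report the result has no sample-originated connections and no unresolved routable destinations: the single TLS session goes to an address that www.google.com resolved to, and the two loopback connections are Firefox talking to itself. The same function applied to a report where a sample's own PID opens a connection to an address absent from the passive-DNS map is where it earns its keep.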

                  MITRE ATT&CK Enterprise v15


                  Downloads

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

                    Filesize

                    9KB

                    MD5

                    1798aa60e6f29812b53f7d97ffd83690

                    SHA1

                    3b9e6c161cf3fec33ef2953fe2a3801a61309acb

                    SHA256

                    d4e1497d28b33f6c6da6ddb4857dc1be55e0beb9f819ff603920d9bae4ea73cf

                    SHA512

                    4b264483375e89a578027dde08881060b1c2a762da7fca5d1c882cce1f34f9c25c41282b8a855acb4820100b11d9b6358a1f23947f6453bd9b54281e733e13d9

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\3bc598a8-6933-4d96-a459-e4b67650c64e

                    Filesize

                    734B

                    MD5

                    6e37929bae6af41ea29036462bb146bb

                    SHA1

                    af1c25dc2579765a05677c1d7bfa154062c5d792

                    SHA256

                    f897c763df14277228f2f3e48f7a091b133ff6064d1e06df2a126b077a2cf5e3

                    SHA512

                    0f8236a63b58182d12f3f0087b01eaa9381e5d4de068ce73a369fbee25e4583f81f213339bd50fd7df0a782352c0f78b5ff90956da8d0328cc5bc98465b97db2

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

                    Filesize

                    6KB

                    MD5

                    b1af24569894aae9c91cf24c693a39af

                    SHA1

                    0e94a3ebb68472046bf1cbaa6add445eab093559

                    SHA256

                    5a0b4cfd248ea55826cfb3746474ca400d4f5883cae2bb0a5c8d452adab50fb0

                    SHA512

                    b631159ed90a964a56fe0ca3604b1b9cefdae0fc536027ec6fc68d099a61fb7feca5fac0c5689120709dc69e3db20cb92e8698abf0481372b8e53d7a78a730d4

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

                    Filesize

                    6KB

                    MD5

                    4aaf2a9934c2fb8e9d972351a7997bdc

                    SHA1

                    8bd8a097a093ba55d402fafec9c4456c031df379

                    SHA256

                    1749962f2617c0d62d1210d27345d4280e5c194681ee5fe68ff8552487cf0896

                    SHA512

                    8605a652f28563edb240fd8d840c856105d89e940cc0249105c9e85ae4d9a8b840b384460938453a59a543a769ff9cfc562ad1af61db894521e6534030b2dad5

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

                    Filesize

                    6KB

                    MD5

                    83b49b2dbce57129c7f6530af1c3ddea

                    SHA1

                    2719a423ebb29a71d80c8f16105fcfb3ec235bec

                    SHA256

                    e7df7cf667ad2550d7a1558e9f7fb515c09ca233caed34ea49d3f9e73ad75a3d

                    SHA512

                    7c0ce18960070a264d92cbe9f16b4dcc8da80bf68221b44a74e03ef834722c1606a95e145773589d9ef74e58f4bc0585cf2a5d79f717ee4b27769dc5ccea9d27

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

                    Filesize

                    3KB

                    MD5

                    8bea8e1ad8c81311d9c0222a8762785a

                    SHA1

                    52cba260d4dfb7b6ca20fc6db2dc41d82a3c649b

                    SHA256

                    8defc0d3ecda59aca8540826c53022cd03975c9b3c434236d398a9504df69107

                    SHA512

                    40cede401fa52b9c734241b9acedba81ff49846b4f7236d3fe71379eb4a3715a61af7d7096cfcc4c7615501eb30adaf4f09eaf67d099a17c8ea2f8a97447fe6e

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

                    Filesize

                    4KB

                    MD5

                    16a6a9006976332cbea3ecf4d2dd56f7

                    SHA1

                    044654c2f6bce36ff0cdedee838b474637fcb89a

                    SHA256

                    ab9e07ae52862b7b4c5d53322429855682cd048b74162bbdaa25d2edc274496c

                    SHA512

                    9568e516e083a99dee1e0e1f0e7ef28661008d728bb2865d42c7fc989bc8f4ee7ebc7800ff0da51065d852c91377b5fa4d0a3581c366a16dcdf29e02ec942329

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                    Filesize

                    184KB

                    MD5

                    e7d901ad03d22078f4c42ecc83c3bd45

                    SHA1

                    13ffe2ced2026e6b99c39a96d006c7832a72ba17

                    SHA256

                    fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

                    SHA512

                    8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

                  • C:\Windows\Temp\{3BBC82BE-E4E6-4844-907A-14327358907D}\.ba\SideBar.png

                    Filesize

                    50KB

                    MD5

                    888eb713a0095756252058c9727e088a

                    SHA1

                    c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

                    SHA256

                    79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

                    SHA512

                    7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

                  • C:\Windows\Temp\{F71AB88E-09C4-4812-8037-B890D3B0DEA6}\.cr\python-3.12.5-amd64.exe

                    Filesize

                    858KB

                    MD5

                    7d3c4418445bbdc0b7c521a747ec014c

                    SHA1

                    bff06746ba8d31cfc34637bac0b86158bc2de7ba

                    SHA256

                    f268a252ca87e394a9b653a05a9ce715e1808ccf480fb84197ebf8fbc4482146

                    SHA512

                    033ab1141c1edd39ae5b713b9b20bededf2cb9fef493d93d46c87e2f40b9f0cbe73cba7cb7c6b0f5613fa058bd67ad400aecc358bd4f544470aa8a1ca193e91a

                  • \Windows\Temp\{3BBC82BE-E4E6-4844-907A-14327358907D}\.ba\PythonBA.dll

                    Filesize

                    675KB

                    MD5

                    de16adbe53c3cc500dd01a5ee9ebc813

                    SHA1

                    f4b99bd3c79bfa5c3693e37a0d649bb595422dbd

                    SHA256

                    e297b802136b33aa53b31b68183f01d421ece30dc5cc3519e45f0bcf4a47752f

                    SHA512

                    1733e6fda19be026a062585e225f4b14017fea34589e3f3fe48b0e9f69aecff772c44f4d962096b3e0c295374e79692cbc711ef3b7e4c4c4a8544c56de49c2a7
