c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

Analysis

max time kernel
1039s
max time network
1049s
platform
windows11-21h2_x64
resource
win11-20250211-en
resource tags

arch:x64arch:x86image:win11-20250211-enlocale:en-usos:windows11-21h2-x64system
submitted
16-02-2025 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

builder.exe
Size

10KB
MD5

4f04f0e1ff050abf6f1696be1e8bb039
SHA1

bebf3088fff4595bfb53aea6af11741946bbd9ce
SHA256

ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa
SHA512

94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12
SSDEEP

96:IJXYAuB2glBLgyOk3LxdjP2rm549JSTuwUYXzP+B1izXTa/HFpff3LG+tzNt:IJXDk7LI4uwtDPC1ijCHffSs

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
8	1236	Process not Found
107	3112	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4260	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4688	firefox.exe
Token: SeDebugPrivilege	4688	firefox.exe
Token: SeDebugPrivilege	4688	firefox.exe
Token: SeDebugPrivilege	4688	firefox.exe
Token: SeDebugPrivilege	4688	firefox.exe
Token: SeDebugPrivilege	4688	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4688	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4688	4036	firefox.exe	91
PID 4036 wrote to memory of 4688	4036	firefox.exe	91
PID 4036 wrote to memory of 4688	4036	firefox.exe	91
PID 4036 wrote to memory of 4688	4036	firefox.exe	91
PID 4036 wrote to memory of 4688	4036	firefox.exe	91
PID 4036 wrote to memory of 4688	4036	firefox.exe	91
PID 4036 wrote to memory of 4688	4036	firefox.exe	91
PID 4036 wrote to memory of 4688	4036	firefox.exe	91
PID 4036 wrote to memory of 4688	4036	firefox.exe	91
PID 4036 wrote to memory of 4688	4036	firefox.exe	91
PID 4036 wrote to memory of 4688	4036	firefox.exe	91
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 1164	4688	firefox.exe	92
PID 4688 wrote to memory of 4720	4688	firefox.exe	93
PID 4688 wrote to memory of 4720	4688	firefox.exe	93
PID 4688 wrote to memory of 4720	4688	firefox.exe	93
PID 4688 wrote to memory of 4720	4688	firefox.exe	93
PID 4688 wrote to memory of 4720	4688	firefox.exe	93
PID 4688 wrote to memory of 4720	4688	firefox.exe	93
PID 4688 wrote to memory of 4720	4688	firefox.exe	93
PID 4688 wrote to memory of 4720	4688	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4652

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkFDRDM1NjEtREExQi00RUIwLUJDNUItMTgxNEQ4M0REMTg4fSIgdXNlcmlkPSJ7ODJGQkNFNkEtQTkyQy00RTA5LUI2QzAtMjc1NjQxRkVFMDJCfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RTg1M0U2RkYtRDc3My00RDc2LTgyMjAtN0IzRkJCODFBODNBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjQiIGluc3RhbGxkYXRldGltZT0iMTczOTI5NDgzNCIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNzY2NTUyNTM3MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ5MjIzMzMzMjIiLz48L2FwcD48L3JlcXVlc3Q-
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4260

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 27351 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb4aa5e7-3a09-47c7-9171-d65230999934} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" gpu
    3⤵
    PID:1164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 27229 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d919e42a-8e25-4d82-8367-4c8652269fe7} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" socket
    3⤵
    PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 3200 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c942132-67c9-41ac-92ef-480e7c1f1227} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab
    3⤵
    PID:4496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2672 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3660 -prefsLen 32603 -prefMapSize 244628 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5219a38c-06b9-425b-94b2-17a3a2b475e7} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab
    3⤵
    PID:2320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4584 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4604 -prefMapHandle 4600 -prefsLen 32603 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6812d038-9f8a-4531-8226-3e53770e73df} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" utility
    3⤵
    - Checks processor information in registry
    PID:3892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 5472 -prefMapHandle 5512 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b957248-c060-4eec-9634-0d53e316a2e1} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5784 -childID 4 -isForBrowser -prefsHandle 5704 -prefMapHandle 5708 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {123edc30-7bab-4671-bbbf-0757e92ed997} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab
    3⤵
    PID:1992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -childID 5 -isForBrowser -prefsHandle 5920 -prefMapHandle 5924 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02094675-222f-4e53-8eee-ad8c588b18c5} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab
    3⤵
    PID:2108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6172 -childID 6 -isForBrowser -prefsHandle 6188 -prefMapHandle 6184 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c04e28e4-c4e0-4110-a000-6dd3104b8f25} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab
    3⤵
    PID:1000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
54dfb77ed8e033d2f380b2e41514c5b1

SHA1
a0177adc777efb2e10716751e790bdeaf5e0bb5c

SHA256
ea4e495c9dc420ea4bff2d0788de7207a0489be107e5b9e78afdcc51d622be5c

SHA512
0fa2a7a746618a80f55db6c79595246085365ff51362fec04928a5596f933093d046c8228b0c7c6f93c5ab2fecc139249f433832e9bb04e7b5052192ecaf3138

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
f49cfef2b2b5bef2591e58b8f2e0df78

SHA1
6107663d835212f234b256e7365e0668540fa370

SHA256
f90597d1863e00eafc1da65b736880f1087f56eff25dddae6d6bad4022aeb7a9

SHA512
db32af0d8ffcdc2d269fe19ec12da31d83b92d1ffaf86deffff1bee62569f11da85b112e004550b465e65801b9fb80324bf090d3d92559baad177bf28c853442

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VJIC4F2U7U1XS554QWV8.temp

Filesize
13KB

MD5
c407a6c3702f14a7da850d7e3a71cf23

SHA1
5d469135606f3522df0e1a536e049ad07123afcf

SHA256
cd949a2cd6fe5d1d6c3b1a84fadcd3500c2fc74ecdf0c9009ff20689b04e0531

SHA512
cbbad054732ae3a9942189a7f2a556eb203192793351f745ea328a86a70c6af7db036533aba45058a67a9443fd7bea47a24cd1748a3250f825da926e4c862f23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\AlternateServices.bin

Filesize
8KB

MD5
bd38bff0bfb08cb8db1f99bd3b81a6e6

SHA1
64396f184fa72a88fa1c2ded075d99d62d7b6246

SHA256
61940af23c2845d2f0d614b151a77b98d334c5dd45a1fd9f969a119fceef37b3

SHA512
bf31a1732cf28993902eca5a7397e81b7d8f732d72693cb8291dbb2d14112500be6e6bf95f06d8230783c394ef9eee967f2d54358cebea85c108b35e55d220d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\bookmarkbackups\bookmarks-2025-02-16_11_ZX5J-VnQcAGTb18IY8Ozhw==.jsonlz4

Filesize
1003B

MD5
f5fede34af06b203c8b60ec283fb573e

SHA1
053b40fd6a35030b473e5da8cf6a266b8ddb128c

SHA256
ac6f4544f9b17ac48e22fb9a16c91de37f86baf4babfdff8105bac4ff8a5c348

SHA512
e7faa0dbcbd836a746c0278712d0f7ec802435bb1cc2c7a5f0029fe35855359f9bb44d395c201a7201b9d4f0e9177e2a0df8050b3808543fd901180ff8d2d0dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
cd652688b61ead0f8a9ad632d1cf9161

SHA1
0e2f6860799918dd92c5e0b10ca780b3414c966c

SHA256
32b83f1f6b25e794ac189c589f3c603ebc17b3ea8ebc48b904b8d1e98d6c18ca

SHA512
3c0e1e09287962e6c21ba3d7c1dca53699169824b4f4d92f0ceba810cd48bdb03409b91ccf799995e9e75fd5e778771973b45e92aec226ef5e2f5271e5587044

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
eebcaaf1f3a383181afc463523466772

SHA1
9d265c8f960a33849d70e86efb3a1e4892cb0831

SHA256
a0cf34dd1d8178e4f82fd400f8e196bc57c9fce44a799f49c6e08b3bff95d124

SHA512
eb4311254ff7cf63eaec9babff85c2244a541ef20f541c5137cc0e0a4da2882c0d067c943e4edbb210755c83ef22300ce9c7eb5865aded537481ea8fe593e789

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
c4868d371cff32ef7e5f6d63be31280f

SHA1
652de99c2f2aa22faa07a2af5bc4bce4b9bb903d

SHA256
1696989a10e9cd5d58d5e6a8ecc9c5d63040bb87a32488d58e9bef709186e016

SHA512
df3e6b7c4aa7b38793582c4a89e28825d058852fc198a1883150e3e59cdc0c83ca0d13b839cc9e896eb71f9607487391e842d05ac82d999b655ea17cee678042

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\datareporting\glean\pending_pings\016fa33e-c669-4ae4-8410-eef6546c1407

Filesize
982B

MD5
152c2da9a9700417c63b5a6ae3cc443f

SHA1
11988d4fa2af0ea6dd8614cf42b2b9712dd2ea5e

SHA256
5717ec2593ee6f4b41eafe76683bd139f8be86797ff3014921b46d2dbea8b810

SHA512
9fe7faf716859603ad10d96ff4dfa151899c25aeedf762eaf68635959bec4595fbeba54ceacaa404942b3eb98edfe8ed483a3209e101d7ced1b6b55691c3ae85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\datareporting\glean\pending_pings\308353f8-4405-4b37-9bcc-639612fdf619

Filesize
671B

MD5
c37ce50e92cca5eb5b02dd129747a1e4

SHA1
7e25ac128e32bf3c90bf3431beac9a94f1b647ff

SHA256
96bb568a38b40cf5970494dbb6fee6926a8bc7ae02b803dea4ca5228677f4c81

SHA512
02e1d4500a42e655204b76641f8969c6e283e65ca24ed8eab98e7c4f81a785b87e30800b9755b3e31b7c42b538549bd9517b4baa81712751c7fe95631da27d02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\datareporting\glean\pending_pings\b6715855-1dfb-495b-a631-5765265c9d7a

Filesize
26KB

MD5
bd5dc44ab74fe7a09bf7276e6944009f

SHA1
df7e7c2bdbe873d15b47a90188770a0b4b69334b

SHA256
ff67229626ef862778637757d91015dda0f8fa9a286fbb68829265d234a8a187

SHA512
f915e1eb96a2886a69774d3193940238c283ad14bc3930ec270465024594988e635a592f9a719618a49efb48ff637ddcb8c15141b83c6f933ef6527873547dcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\prefs-1.js

Filesize
10KB

MD5
f5c8b59418996e8a46cbec1b5cc6ff71

SHA1
96f3ad8358ad266eab1f49c8dc8118e5b19e5a36

SHA256
fc6b8b54dffed485cd284cd7d3d3c0bd1c75d13950ab438bc028474fe14d238b

SHA512
3d4534599671a6fd04034fa979aafd4bc7b8f92e426fd47c577dabd6719b47537b6e3d8d3e336e64ff78c778f6053c46b08a0dd947cb031332e4cb9d34649e97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\prefs-1.js

Filesize
10KB

MD5
88038cc79293b8bb3b0672b38f86d156

SHA1
8efade023b2807c2c19a12a84b239bd5e984cf8e

SHA256
6a934c420582c200745d89d51e230195c5d88b25aaf7236f292045e33ca12792

SHA512
cf2759cbc21d0f8890afabec1f240e40c89c5646234b9ac973bc87ee223ac38e0f8bb0b77e7f8cfebb9c0f64590b40148eb01cf27bdfd5b854e482c8e67e5daf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\prefs-1.js

Filesize
9KB

MD5
bafe99cc330057f0dca38806e4564b5e

SHA1
fd55b99a6d8e3bf3789f99fe6d2f55157351d56b

SHA256
fcbc8d3552a335e1977a67e622308f2857dcaf7304b7054c6e033b1767e6d2fa

SHA512
debe331866a4e853e50b2d7e5cacac0cff1dcdf972f99f3ffa31b4ae8f4a363ac61a2ad30b18b72995b0460e3c511339705b192a00a689630a1a5aec2f147995

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\prefs-1.js

Filesize
11KB

MD5
f951ded6afe8ad64223127d239ae8b00

SHA1
7fe896042ed2f8ad212007933e73e563a6f2c052

SHA256
fa44ba7d2a21699e11f23857ec24ab182e14a94590ad96c654258d4e361a7594

SHA512
25c3d2133f7700c90ac1756a1f08edf72a29339ad7a22ebcf160c2adb089d1626fc58e35fde8f869f21c6bed2642c6f741937936180c4fe870eb887ae0a3f07a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
701398560e18f2f8f4c037a759bacce5

SHA1
39de8f41f4167b972ddce6431a8fa71b1a7497bc

SHA256
b90bf4dfb311fd2665872e0451cf17846298dc29a704d7d4b8ad41d17c5560de

SHA512
fe711bf0de8b839b30a8ca1d6b8d78bc81dbc08b6dbe843ed7b5f73eea733aa7e0e222c481b202d2ccb9c72ef83395d6f3b8f680d0f10da730d811a8e5e9815d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
8cd76c92dce4a1da6007d1d2e0bca2c2

SHA1
8b75f4c043b41930d429463913487a4c0cb599f0

SHA256
dcf814c93786fc11ca30d03b93b2ea7edf0d40609dcab3d79a49ea495f3a3fcb

SHA512
042afbf8c31c40f4383638ba99868dd27b9150ea9f04be0a76215e0b937e30c50b52e34512e85c2d236d73b15c05e4bd47e980ac2c51376fcf1f4732bccd7df1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
2d7a43e2b0b6ee6f63b02356f099b65d

SHA1
7aebcd33a0d8c0f5ac503c84ff0d5bca63cf563c

SHA256
056de48837e6428698c95b9f0001b6425f69ebf7e82d0410c5408b1b92615504

SHA512
dbef4ea9a1c6e33e874cf57cf608bafed9b22740964fa227bd60db68abdf698d8a4e8ebd497c6f7eb5a90fcf8d06fc47a2b04d74d604272db88bb80063adf271

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cvbzj2yx.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
ba8e23e34a5a6ea2fac6f1564fd7c038

SHA1
bee364e601d71a7e586321fc4f6a1340b7df71ca

SHA256
8dbeb342ccb5abe8f93c643aad276e5e7283abd1e10f537f2fe0578eb655f4a5

SHA512
43e16d4f9488295f2c00eab8005909900850fb63646cd973b6e98e3a5739f67c86d62e8756c408e8e40bdabc4927371e334492ae0be0c69d86726bc1cf9836e3

Download Submit
memory/4652-524-0x00000000012B0000-0x00000000013D2000-memory.dmp

Filesize
1.1MB

Download
memory/4652-4-0x0000000005670000-0x000000000567A000-memory.dmp

Filesize
40KB

Download
memory/4652-1-0x0000000000A20000-0x0000000000A28000-memory.dmp

Filesize
32KB

Download
memory/4652-7-0x0000000073D30000-0x00000000744E1000-memory.dmp

Filesize
7.7MB

Download
memory/4652-0-0x0000000073D3E000-0x0000000073D3F000-memory.dmp

Filesize
4KB

Download
memory/4652-536-0x0000000073D30000-0x00000000744E1000-memory.dmp

Filesize
7.7MB

Download
memory/4652-6-0x0000000073D3E000-0x0000000073D3F000-memory.dmp

Filesize
4KB

Download
memory/4652-3-0x0000000005570000-0x0000000005602000-memory.dmp

Filesize
584KB

Download
memory/4652-2-0x0000000005B20000-0x00000000060C6000-memory.dmp

Filesize
5.6MB

Download
memory/4652-5-0x0000000073D30000-0x00000000744E1000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads