hxxps://google[.]com

max time kernel
156s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
12/03/2023, 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133231026164905881"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
624	chrome.exe
624	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
652	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe

Suspicious use of SendNotifyMessage 39 IoCs

pid	Process
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2076	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 2644	624	chrome.exe	87
PID 624 wrote to memory of 2644	624	chrome.exe	87
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 636	624	chrome.exe	88
PID 624 wrote to memory of 2892	624	chrome.exe	89
PID 624 wrote to memory of 2892	624	chrome.exe	89
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90
PID 624 wrote to memory of 2308	624	chrome.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://google.com
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffff56c9758,0x7ffff56c9768,0x7ffff56c9778
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1796,i,12970537351577965299,1425636923522687920,131072 /prefetch:2
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1796,i,12970537351577965299,1425636923522687920,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1796,i,12970537351577965299,1425636923522687920,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1796,i,12970537351577965299,1425636923522687920,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1796,i,12970537351577965299,1425636923522687920,131072 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1796,i,12970537351577965299,1425636923522687920,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1796,i,12970537351577965299,1425636923522687920,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1796,i,12970537351577965299,1425636923522687920,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5128 --field-trial-handle=1796,i,12970537351577965299,1425636923522687920,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2824 --field-trial-handle=1796,i,12970537351577965299,1425636923522687920,131072 /prefetch:1
  2⤵
  PID:1732

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2164
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.0.623041039\326992365" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdbe8420-9b3d-48ab-b9fe-76a8ef964fff} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 1932 1856be17158 gpu
    3⤵
    PID:4776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.1.389899509\1932440870" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41d57184-8c35-41c3-8479-42df27bdc464} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 2316 1855de72b58 socket
    3⤵
    PID:3092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.2.246989588\1557521267" -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 2956 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8af9fce-acb5-4b4a-b108-a81f6a9780a5} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 2880 1856eb05958 tab
    3⤵
    PID:3308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.3.291105859\561804253" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3656 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69533b72-1701-4296-ace5-3ba633c09be1} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 3688 1856ad10a58 tab
    3⤵
    PID:2772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.4.1218874356\1093238878" -childID 3 -isForBrowser -prefsHandle 3948 -prefMapHandle 3936 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {704b8f48-d6c8-4de4-b942-a9b715386e6f} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 3968 1856faeb558 tab
    3⤵
    PID:2260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.7.72450413\1557801991" -childID 6 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27a0fd2d-a7d9-4572-9474-98911657f10d} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 5248 18570dba358 tab
    3⤵
    PID:2536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.6.1781296305\2079878304" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0477e29-b0d2-4deb-b8d3-49e4131975d3} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 5060 18570dbbe58 tab
    3⤵
    PID:2036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.5.1719868810\1889271278" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 4880 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {377af310-fea3-4ffa-a911-78653b1e11c1} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 4900 18570db9758 tab
    3⤵
    PID:4208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.8.1057447118\1977310444" -childID 7 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40e23112-17f6-4322-82b6-805d6138fe21} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 5296 185731f8658 tab
    3⤵
    PID:4476

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\61f69fca-78c6-4605-9c1f-eb8de387de3f.tmp

Filesize
6KB

MD5
ae9e1cd3eb8d141c01108f56a3abd13a

SHA1
416f08d6d4e4847b01ea2942390d0013ccb5a165

SHA256
e29b1bc162e15404b650bba847aac1dee47891174d48a38f558d3465e35b98ae

SHA512
c36ea9cd557e3d96ca11e1849fd827eaa062eb252e57b44bdd9e992aab0c85f30a2b75607921f72aaed52d1b77523bb4e3b0865cc62ef183e0ff3736ff3bd69e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9a9bc28d-ac8b-42b1-a436-789246946f63.tmp

Filesize
6KB

MD5
e07a3b8759df67dabfc33501594e30ce

SHA1
4a974ce5b19e403901386bb806526dc1ad71a036

SHA256
81ceafee124d29defcaf0d52407a52c30c5898ead183288da654538e3862fb42

SHA512
f05f9c3014a4ef0ef63cffe8f7d2f9be779476c95e8dc9c32d30ff37ac3dbec7ec03546179255282477367d21246acbbe4fd5aac602a06b3dcdc10ecdcf1aadf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
160KB

MD5
67145d1dd8c7201ad506c8734df41708

SHA1
9f10d87858deb8ee394d47a6268494905ee9f0c0

SHA256
e0ebeeb232953726660519b937e1cadaf1cb2461e8c044044ff2e9a481f085a0

SHA512
cbf26927e90100331eb8cb94bbf4da6ab431e7dc4919ca6068e672cb07b2d938351d502770433707e98bbc506297fa221dced4fbaf3af92d281da7d18f80c95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
b54cc6d297c0ceda1f9da107c53e0dbc

SHA1
af418fbc48d58561d60dba91d7aad1c841159f7f

SHA256
00e7b39715757bc210e6a1651abca15b255ab372ee7f0f9ed000fff40606daf6

SHA512
9b53ecbaed86da52d97fc074aa8e194a4c7529252c99c6d8c85f6cbebc29f5d7f3552cd4aead648d93d3ae3527047fc9d9cc31f9f1e2a120797c0174ff30d12a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
21994edc36b3428c71413814c9e294b0

SHA1
788c44859d8e2a9d915547f054366f9fd5d0df38

SHA256
fce2fc389ca1c6d6a23e4cf6e0d82dd2d1bc3879aeb570ead6743e233a6aa55d

SHA512
b331ee213e3ad895fc326f558c271a6279da9d4de0d06a6c9a372db70831055dbe6e0da2420149bc710e06e24ff570a700a0d09d9fa0a84783aa5c9d1a3e94c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b7c17a0200d42c3ffaaa598ee7f24fe6

SHA1
c33fbef99a4a906e210031006612fd265b36a46e

SHA256
f2281b7f05229b97e55a36323936999944ef0b66427c46a96ba768d4f429259b

SHA512
c677e33a98db291462af8082a2c4a0207ba0438bd9da705dca04107134b8805a0dddb1db9b0906108d8f7eb1e4a43026f4270c1d07220c1ee6a62bfc29ca4085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
757d7b73811a2ebf52fa53ed14ce5882

SHA1
599d7c9fef976839034047dd09571d49aeab2cc1

SHA256
20b4679c2119bb3debbc21444d91c081b836f0e7a166e85cfaac4ae4c1d2914b

SHA512
92a407f5a8e5cf566c97b0ecb021596bb9fd187ca4f56cdcc19cf455460ffc401eb5d7070a984b84a3a534af1c750b2b565e8724fbf8b7ca6311a9810e139a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c29674152578649802dd91602a757a61

SHA1
8eef9a66b27b44dc04704988cf2297bdb1a55180

SHA256
f5f825e5736bc34fd1fdd1f7aee845dce4494428c63f1cb7be544cb4bb7b934d

SHA512
136928383e48960175d27828526115d832b09524ae6b0afb33cc074ffe51128620e87f9fc63ac29841f2bb3d5a23f1273031ee4e55651eed4ca306c6d122892f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
37c5683968d8bf976e0d486fdd2f6f8c

SHA1
4be959838ba37708db05fd9621e3f61ff7e0de1b

SHA256
eafef02ebf8dfa88b38713514b0eb24e28b80c65c6d69a11cd1d0428f7aaff05

SHA512
ef066c4922f30f320752df86904757292565c9acd12939261e37255d36a541e8aa86b6d106e4722ba31e548a0929b7ed1fe138fc1cf81431867d503ce22961c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
18d549508dea4e952cbe8812de692f45

SHA1
9183f9f808e172f968e9e07c3fc83147b418bd8e

SHA256
7896d05f3453543dcec9368d5c994ed5d7de9360f573efcfeaf0373062c16bec

SHA512
5eada91627ff62ef39af69de667087ce0605c5ec762619e87a64505c6fde53304333c39e2f22a0ac9accedb4ecf722215ed2a7ac70fc87c7d43ab0c86a53c076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
16d8bd7f5e2938587dc6f14863d37776

SHA1
bb37e4dd8f60eae056d87312effcdbc569cce73e

SHA256
f460aa1a47da33703f2d09277a1b9fe10f9b3aeea7b8626416dc0658ec9e8b92

SHA512
9fa25b0ea60c5de333fc6b514eeb8cd6829dcf49a365e5aaef6ce308b737f99e7deac430923fd45aeaadc73d71272e116e74475cf4c7e05abe17e33d74e40cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
03216f444d25545118f8b06581f553ee

SHA1
fc953adfb669e6d7dbe91a3cf65b59a9dde06659

SHA256
86bba5b1fcb1cc6bc2fac2817ea4a5e082059bb938f0fd94d23019243a174d04

SHA512
4039d23fb1d97f29ed654b00b6a71cb82ade58f51446873d4be598b39778b3d93bf34e60859a26233d6b928c27fcf1a76a99e8473613d0b23a4b0679310cf39d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8b1cafcc52dfb820d101e46eddc67426

SHA1
fd3813783222fa5e102a119082e50d59c21053ba

SHA256
096af274fe625b64afadd968a067c164c02d4bc766790d09a8239654a02e1b81

SHA512
93b4c3b1ee070ca10070472f4ac1c60b021dd0d1bd61cd995418b6d82235cb2a93fdac5aabb7907e890f4580a1042ec7d3518ccc66993cd08bdfcdc2fbe42544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
07961430bf23f3762b38ac187e2bc207

SHA1
896eb74425e30559963946b97912c3e80bea4a28

SHA256
b7dc8e690ca18d5a49ecd72265d545c2c2968f24bcddbdef3c151564582ec23a

SHA512
90c466e92d8afa462e4eeb7408b5f918f0eabcc568341c2f388651ea5564c1f2589d0d178a6b1b0f4a270092be870ab18fabf9daceee766c3ddbccc3b870dd19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
37c28c62c74d1b961b3276a200b652f0

SHA1
3625e0431a383a63111d220bbb8725126ee6f0f1

SHA256
3ebe13fe1d41c383b6077cafbf5d0753d60825469ffedaafada9bb53c5b0d4d2

SHA512
a8d8876f95412603087592d3f800d87843d1f0bbc2dc0e0750091f88130e7f74a840a0f36ceff491d7faa49a70d8e6e4464b4bb3bb21d99e209a420c4b84f2aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
ad249a591e5b1eee2d1954f6aead418d

SHA1
e23cfa15dd928ae49e3beefe8e0ec44058b22bc0

SHA256
21ea58b3717510dc345f6c3994ebbde5ef4bbcf0ece3def213d1176c4b3a5ee0

SHA512
cbf013396379bdfa9a9c0e4a2beb6e674799b6a3ed946fe4dd30d95e161658a54f21b76eda844a4a5e382c3da683bf47c1d886abf60d54f22b696ddac3cfc093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
c022b2501ee1070a9b278f1f99c57b79

SHA1
a656230ae56f370b279268f4d52d854a25a41840

SHA256
920df32b133676ada2bdc1df881ef69d0477efce2a7f61599489ffe4b3e820a6

SHA512
2c826e08bea5b2dad320f934d0479573dce3d0a4504cc41ede4a2690963afdc3a03c0d71a43284ceed14ccc765c238d34fe8dfe385fdcfa21738b2870ac6408d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
395a62186ee992b9dd6b51fd83b295fa

SHA1
ac2b340d8b068b444c54df0ceb8526c613de3f8a

SHA256
f6e5335c5ee3d281891ecfb8585b000fce35e2c9344ef865ec31eeece77a865c

SHA512
c7391b328c872cf0cb47f6f9d8b45eedac2548377274f7658651503f4a9040d46df6ae82f50f2139610a4bbf7878afb1959b3a2ac9c65c68ed4c32a979fddad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
150KB

MD5
548b62f220516021ab2baf66f1bd25d4

SHA1
d7c7ced2e164a723b60cc7a29827e953bc67228d

SHA256
7f4edc87819a6e1aa0a30fea736c1e12043abfd7f07e110d18c377a7a98decd8

SHA512
3755bf664b02817b49cdae2f78ae0f0cee7122079c3dd70d3b5de969c723b3a41d6145ef120c3ab7ace6542267f7e8b9700a3b8dc7e329912ac47eb2d8b40ea1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\3E2FE6B08035339AB950E75CA5B659713ADC654A

Filesize
33KB

MD5
5855ebc21c5f2e8a11ff3c78d656255d

SHA1
63dd5d8d26e9907eb78a25adc4f9830e2b9ef6e4

SHA256
1b633d70a61e77148cf32b2b3dc2e8a77e8518bfecacc943953793d642e9a357

SHA512
2ffe555baff67c23691b8bcdae54f6320cbaa321b9fc6780693e0a8222d19e55c222490cd5dc292cbee08567acc44100a44a6db5e6c9de3bf646bc3552a63c3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
e3ab9b7be721476194405a5dd6c56820

SHA1
8811eaad79db5e508df56517fead17a0b10292f2

SHA256
248702cdc858db624c28570b0daed0847efe8f72430a299d64b99d337fd56557

SHA512
44d65859aad6413db39fa93270639b1b10bad1e44bd981017a0a0ddb11962af0e1ec8ae0151018964a0ed294593cea3a4474f0d64d062b7ab7ee8e895b74f7cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
3cd1e890fa6424d0c23621ad412dc88c

SHA1
17def902daaaf3f82f2bf1847c6ea1d07073e2cf

SHA256
a4e76a166629fe278f96595801bf8979d7408e5d63a37f11a494faf7f66943d4

SHA512
b73970dd5ca47f5d5ac4f5cb42b40d5094bd62a7dced0b4e737c3e245c1c2c6f254b45e1fb27124b0f16c92305da8bba3109690cf7ac59aba87b985dd2094f79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
f139ce51bcd07f3686f966b5e75d9a23

SHA1
e50e81f7177d08af4d6d34783065d6e86007b714

SHA256
924614e7ffd681404a173021909e9267bea83bbc9a1b80f0d6e95c8545416ef8

SHA512
fc4006fd4709431adf4a8a2668be1c0baae2188a28c067f38ef28282805ba81fd631268494b904f79e6c4d2055a20abfd8bb81241a154665dd614e12ae83f283

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
2c0e33b1ff79aee45e1316d9fa688f51

SHA1
ee708d63784d027652a73c9a86adaa8111260b51

SHA256
91961f93e0f3ed3adf452b8927a17d4e054b08408b7422bbdd4121e6e89abee6

SHA512
9efd93ea14931ff50868548e729959dbd9cd9859b7b8c8d3ecfc1b98fdd1cd91f78c08e0d51894cf39236c8a40333e7a6d847c1c325aa1f925b4456980019f49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
ff8bc83c85304760e5f5df274a37c7dd

SHA1
616acd221343f0c3a3238a08d809953b86b5b199

SHA256
793e519b0d8d436f1ecdb464c36d4303ba82a3ca604320d2796f63e5a6215425

SHA512
90cded79b52601ccd29bc35c44e26ca555b719097559ec48c64080e3e536471c73acfb7430dc0d19023b2cb944549b6c25d62a924f7903f7f99c3303e79c4d82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
8e756d0580307be0a205e886b0e67889

SHA1
c94fce9b6a3cc5a599316ece19c5ba40d612f3e4

SHA256
a2250f9885a46257917c1835827ecb87753d2e78ebb91ab8a79f042b13a5c44c

SHA512
ec8ad78517320ae30b10661f8632d1aaa68a6fc0d71318aa762805936f813a9d1872f66bd04f7834580bcb4f81fb514225e8fbde02d7cafa48c79300eabc66b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
0f6f7cace1310102770eecda7dc2037d

SHA1
c25d26eee579911e03d31e2a4d078c212413b5bd

SHA256
e9dd44afd2bd7d4c553a0edc76515090a28997ba8a4cde3cb5799a5f7c7388a3

SHA512
c0ec542ee9cbd4a38eb2b50b992dc3a5a19381c41fa9649e660d5600a022217a76ac8e5c916c325d256a1d2c942b970f4ac8c4b3e9b667dd1651ed9d60c054f7

Download Submit