hxxp://sequt[.]com

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2023, 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sequt.com

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133234628345775054"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of AdjustPrivilegeToken 39 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeDebugPrivilege	4524	firefox.exe
Token: SeDebugPrivilege	4524	firefox.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeDebugPrivilege	4524	firefox.exe
Token: SeDebugPrivilege	4524	firefox.exe
Token: SeDebugPrivilege	4524	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
4524	firefox.exe
4524	firefox.exe
4524	firefox.exe
4524	firefox.exe
1736	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
4524	firefox.exe
4524	firefox.exe
4524	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4524	firefox.exe
4524	firefox.exe
4524	firefox.exe
4524	firefox.exe
4524	firefox.exe
4524	firefox.exe
4524	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1452	1736	chrome.exe	86
PID 1736 wrote to memory of 1452	1736	chrome.exe	86
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 1800	1736	chrome.exe	87
PID 1736 wrote to memory of 2316	1736	chrome.exe	88
PID 1736 wrote to memory of 2316	1736	chrome.exe	88
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89
PID 1736 wrote to memory of 1692	1736	chrome.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://sequt.com
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd840c9758,0x7ffd840c9768,0x7ffd840c9778
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:2
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3972 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3128 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4076 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4648 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3148 --field-trial-handle=1784,i,10270301845168229064,11690912959502388011,131072 /prefetch:1
  2⤵
  PID:2828

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5024

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3372
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.0.900849284\723320548" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecfd68f3-dc4b-4d6e-9fe0-76f6662c61fc} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 1932 20245816858 gpu
    3⤵
    PID:800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.1.463754202\62561165" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ffc679e-998d-47a0-ba52-f010a02f10cc} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 2332 20237871958 socket
    3⤵
    PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.2.1552953773\200918254" -childID 1 -isForBrowser -prefsHandle 3180 -prefMapHandle 3156 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c609f52c-4f70-4f5a-9f88-36db7c973bf7} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 2908 20244792a58 tab
    3⤵
    PID:3148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.3.481432219\554410964" -childID 2 -isForBrowser -prefsHandle 2532 -prefMapHandle 3448 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5d0c6be-cda1-4572-a6a8-587267184103} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 2932 20246ff1758 tab
    3⤵
    PID:1044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.4.364574037\546336154" -childID 3 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b95a1c6-469a-4e1f-9cba-b7ce09d43f53} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 3816 202487ec258 tab
    3⤵
    PID:3352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.5.1805185975\1010336079" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5136 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b057eb6-9946-4150-b937-c61346268333} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 5116 2024a998f58 tab
    3⤵
    PID:5676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.6.1988946171\1563970437" -childID 5 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08cd0ead-8158-434f-a05e-95e5a1cd4181} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 5272 20237863858 tab
    3⤵
    PID:5732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.7.608547702\294371480" -childID 6 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf427acf-3552-4ebc-88fa-7bc3e08ea989} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 5556 2024a999b58 tab
    3⤵
    PID:5744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.8.1557815703\2021331241" -childID 7 -isForBrowser -prefsHandle 5860 -prefMapHandle 4852 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {811ed4b3-3f24-42fd-9249-9bd1507aad2d} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 5868 2024a996b58 tab
    3⤵
    PID:524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4524.9.438824947\772024558" -childID 8 -isForBrowser -prefsHandle 5660 -prefMapHandle 5668 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f86dca8-488f-4b1a-976f-8976bcb536d5} 4524 "\\.\pipe\gecko-crash-server-pipe.4524" 5676 202487e9b58 tab
    3⤵
    PID:5456

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
174a2b31d9ee54744d717e0a6e790725

SHA1
6256cf2eba6a41d0eba512219c067d483100ab95

SHA256
222222700ecdc439f321578bb6a691d345ba854f08071a4daa2087b3b6c9a128

SHA512
9148a480fa5274df3e6e753bf5cec1a38889355ff6ae1febcb757545eb59b6470f52e7737eba4f57df091a861e00c616c09712c516d452893ceb06e78095bbb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d311f93174746394dcac62b8d68cb08

SHA1
c50174b3deb582a366891257a84574fba84bd3a2

SHA256
7cd351da9780d1e46b0f4ef1dcf92f41587cf09d3394b2ac2618724a67dadd8e

SHA512
7c610d9724e26740c6de7a3826bfb2bf789b8b7980f55c34b089ddc7fd34c92a3e28bde303299585e9663c57dc36e02861a7fa57f2bbf1b0918c747c81cddc74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e1c5bf8928e46060a309c9f7e5007e2b

SHA1
71dde03c9143e902677b2623f9fa708e2cda5a45

SHA256
5af1611d038087a63aa990a6b6ab25dbf091691b7900d9ee81a08a547e3d986c

SHA512
7ed6cfcdd8adda0e9c5232ad0089d47d5123c7b2aa9746c9ce686f57c9c4b6c937c38c1f183460b8b837a0b465b68914f108eaefd888328d0432b8207112cbed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
4da180cf4976b93895c40a949d5ebb65

SHA1
03c21c4b928523147f5784b37f8405c41eafc43a

SHA256
40f563e7f7d46f0a352e1b9382821aad3a2ed35620edfce9b5aa66b97496d8fe

SHA512
8144cd9df6c8faa86268f4d3a24f5d8f1fb92a28861ab00665b8e3e1f1c893440934f55da4afe40bfa4f9ad59b74410f027b3d23ebcdd658c08223c50a941f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
5839cc8dbb483aa499e40c72fed2b0e9

SHA1
68fc4073a9ad7d4bf8cf342ece8e1aa3f6118356

SHA256
b685f809a2f891d6917949e2bd704fe9a2e14078b2adf41c67d9df458133e4a6

SHA512
a59c8a9008aebb71bde392f305d25a1f8b880a78dd1907109fb5d4f98ab604abe4ab9a86ae241f6a9ee10c12887a7378fe286f409191bf9b4aa0c18899f0119a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
151KB

MD5
17e226197f693a92e3e30c96bfb4fd8f

SHA1
07d83766a648c2c0cdb794ce2c01801a313187c1

SHA256
8f35240ebcef42fe198c50dd76ccf698c3376f95a5e78b072fcfb1f2f1313160

SHA512
366bb9cdb9c2b77b2bf7194e7d4ab8bb8f7a17d2c6ad1ba1f8f25b0283648886ab7241b34a168d1079cbb26b12a03951630114deaaaa28d16c8c144f3b9493a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\184C843EA0B8CD10730CA2564A233632E40FEF45

Filesize
14KB

MD5
3ce9711dcaab384d3ab3c213c2c62b5d

SHA1
5bd5ab3f43380d5326ffd81cb7e6b04e21575ad7

SHA256
3a34e9496fec608f1340f48c0ea004314508d14708478ac64be9207999118d4d

SHA512
fd7ab947ade3eba830a9fbe9b4a9063adaa4950afe544147c3dd040b09f022a7d2c2ece78a3559321230b54080da6c16a7d4c25ebd1061d7cc92e02e3aea75bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052

Filesize
14KB

MD5
19478b65b62e5f5be9a0862d9fcd6571

SHA1
727bf2f8f77b6aab044aca4fabfdb092ac3f1d2f

SHA256
4fe4338782bf63a0ee5fd9cf721de031b9cdebde0503bd1c6a5d67a164d9e12c

SHA512
2bf1ab080d353f8c45f92013e923ed83050aca5b5a09019c0b97e36241c68353a0b435d8aacdea45d678d61244e202290fb5fc1e71aa65b36720da8f745f9704

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
557d8f924045929793a00ca6697d52c9

SHA1
1a2fc337af983a69532eaf994508f8ad9fd2268d

SHA256
8b11dfafa6eb8ba7a61885752110b988a4e3bc877405d19214dbf8f5d6ccf553

SHA512
8d93dee68e50761d89f377371a25b5970eabb76691f0bfa8f583c03e7572d9fac50e346ee36b2a1aabb74db9bdbd31804803698e99daba24b92fbfc5992cb65a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
1bb1bc440fd3e3d332c3aa843ef6d36e

SHA1
e24714b285acad24a7283ffc1380fda53906adfd

SHA256
f39567bfeac0f6b81947dd179278c2d0d2bd2fdfa2a358df5d588ddd8467db6b

SHA512
4306128dfc7f7f3ccaa76ae652f94856fad875a80f684615d653b21ae307790e024d508673d6f1137b116899fbef3dcafc70a1310c4930e45866056877aec397

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
8381d4030a0c028d41582fb814727edc

SHA1
382d3fb66da3a43be8da412c118660779b8dacad

SHA256
ef161548b8d6a86209ec0224f988686d758d0d9bc17d36e118b21d2d9834e33e

SHA512
08bb20067f23cd2abb1761415aaeb7ac2336c4696c5325c1a6d57a4db173c99b2293245614efa6eac9142dadc8759c6f2f8d5e5c3dbb03f67549b1d1fa2fcd78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
8KB

MD5
3b04b89d6612d3708aa4cb6628c4fe73

SHA1
a9a982b8012f53bad12e763ea9350894fbe4fcf9

SHA256
ebf939627198a79dbebbb5ecf9b143598abb3828982e2c688163b4b85e739999

SHA512
0e9f6e4c18db404f3567b5166a6f2d97d9d3973aee7ffe7039eb51d48a6f44cc23961746fd79835bd7b0583dadee03d2aacc94513b5fde71a93408964a772c5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
10KB

MD5
7d94029f1fb96e56c6ee315b8f50ce4f

SHA1
d6ca9b92421245374bde7f01bf91b99ba97e6be9

SHA256
d245b0b35c797cde180fc07ad3620f49bda32af1815bd92aea5173cac5a0849a

SHA512
b1436850d75d55e2b9d32d4bc02abba92b578a19dc30574f36aa6b17b0579c35e56cc82531621ee69c33a9ee0de83c66ee3a31c5836f55d26d20e5b2c28fa3f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d67798aa1b3e7d907f47ef45017ff5f1

SHA1
b58ccb8b70e970d6b1f22b904fdafecb9792d143

SHA256
666db65f347b30ae5d1893fb8a16bf1ccb80909098fd40554924944d02edec23

SHA512
657a15642227b4561cdef444b53d4b9d506246326adc87d5aaeee3321c8d8d640f5bd14f95db7b7fddf9f5e48b827204675abee384290637cc5ecceade028b59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
8207122386d7f70c00c1c5d30f2a6d5a

SHA1
6cfe833e25b2f9666d5fc8f1a334080e23f8f25f

SHA256
841185eb1336b452acdf1d5204cb7eba4ef4065b183d4cf1d167d5f31ea5e6e7

SHA512
bb7fbda46b2fdd7cf4f598f86208232320a217de801f1eeab20c52f04df2b104516b89b554e6ae415e885ff3b255c28c679f302e991f88ad9ad9afec7b7f3e26

Download Submit