9fc5bb1f3d8ff042defd203ca478e9cfc3dfc4ef76b944a5e6ed3b585dada59f

Analysis

max time kernel
337s
max time network
369s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
28/03/2023, 00:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

1.5MB
MD5

911bf9eb6e0590622048fc003a5bdc67
SHA1

0c5e7a6c25576510b8c5cb169dd7a3c1e1044155
SHA256

5cc7b30455abce01f7b7b907874c717c7c1dec034e205bccbf024bbde20132c5
SHA512

77db1bb38bb16c9679765a0bc25e1a6963648874877c48b67d00e063c48a56354de89983b45630c5d08d93bd4fad2da9d5ed27d69ba7345a73943bef50e680fd
SSDEEP

24576:G4nXubIQGyxbPV0db26n8V8RB9HMgOeD/Lr7mOI+IZVf5Nw71HEpt:Gqe3f6Agwg1bmNZRwCt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1108	setup.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\msmouse.PNF	setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 21 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command-Line Interface

T1059

pid	Process
380	ipconfig.exe
2788	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000af653a432a26840a7b5ec4575ca9dcc00000000020000000000106600000001000020000000eebf4f3a6a9fcd74da5e25968314d1204defd09e03b1c5b102b51d7cb421174c000000000e80000000020000200000007406bc317e66b6b4725ba93bbac5fa4bdead8b3a913421e6edc5975a88b03c81200000005b83ab73aab6e29d8e9d795519a4dbcb7a2a143c13e74a60d473794dee04f14e400000004fe9e5a4b7142f2e7efdaef11e89efb0cad62c3d68720905d4e5f20a4d0c0dcc5d144ddc318d9279ba3d177c78a6b964a7f36408b36ca5da518c6b3b91b7152f	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31023374"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{16872E78-CD02-11ED-9347-5242E575D265} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3958308360"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b06f18f00e61d901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3958308360"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000af653a432a26840a7b5ec4575ca9dcc00000000020000000000106600000001000020000000ad5efac6cd00055ec843635d667f495c3ffd7649fc3ac561142c748c40e70ac5000000000e8000000002000020000000cd5ba781fef7c0c7b0ce2aed418ab61a2c5a89d13f9913fc8d9a32a40501e55620000000d9bea2e3c9d7791cce5c0992006b5212892d5787deb93b0e0564ac3578bf1c31400000008cce7061749ef9964d53e4a77c6e1c416a5d4b14060e7ac39abdcdb3f48dea6dfdce070f8eacf26a20373f345edfd244d23a6a0b982a760e8fbe67d9a76a2262	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 703d30f00e61d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31023374"	iexplore.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3228	firefox.exe
Token: SeDebugPrivilege	3228	firefox.exe
Token: SeDebugPrivilege	1524	firefox.exe
Token: SeDebugPrivilege	1524	firefox.exe

Suspicious use of FindShellTrayWindow 13 IoCs

pid	Process
2180	iexplore.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
1524	firefox.exe
1524	firefox.exe
1524	firefox.exe
1524	firefox.exe
1524	firefox.exe

Suspicious use of SendNotifyMessage 10 IoCs

pid	Process
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
1524	firefox.exe
1524	firefox.exe
1524	firefox.exe
1524	firefox.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
1108	setup.tmp
2180	iexplore.exe
2180	iexplore.exe
1252	IEXPLORE.EXE
1252	IEXPLORE.EXE
1252	IEXPLORE.EXE
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3228	firefox.exe
3416	firefox.exe
1524	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 1108	1892	setup.exe	66
PID 1892 wrote to memory of 1108	1892	setup.exe	66
PID 1892 wrote to memory of 1108	1892	setup.exe	66
PID 2180 wrote to memory of 1252	2180	iexplore.exe	71
PID 2180 wrote to memory of 1252	2180	iexplore.exe	71
PID 2180 wrote to memory of 1252	2180	iexplore.exe	71
PID 3248 wrote to memory of 3228	3248	firefox.exe	75
PID 3248 wrote to memory of 3228	3248	firefox.exe	75
PID 3248 wrote to memory of 3228	3248	firefox.exe	75
PID 3248 wrote to memory of 3228	3248	firefox.exe	75
PID 3248 wrote to memory of 3228	3248	firefox.exe	75
PID 3248 wrote to memory of 3228	3248	firefox.exe	75
PID 3248 wrote to memory of 3228	3248	firefox.exe	75
PID 3248 wrote to memory of 3228	3248	firefox.exe	75
PID 3248 wrote to memory of 3228	3248	firefox.exe	75
PID 3248 wrote to memory of 3228	3248	firefox.exe	75
PID 3248 wrote to memory of 3228	3248	firefox.exe	75
PID 3228 wrote to memory of 524	3228	firefox.exe	76
PID 3228 wrote to memory of 524	3228	firefox.exe	76
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77
PID 3228 wrote to memory of 5044	3228	firefox.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Users\Admin\AppData\Local\Temp\is-7H2F5.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-7H2F5.tmp\setup.tmp" /SL5="$1001D2,780288,780288,C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1108

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1252

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.0.690960070\657321014" -parentBuildID 20221007134813 -prefsHandle 1656 -prefMapHandle 1644 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0de964d4-8fe9-4340-8e93-d59c83614dd6} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 1748 1f82cca3058 gpu
    3⤵
    PID:524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.1.48345368\1512994600" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26311187-b594-493e-a5e9-b5fbf0855f90} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 2104 1f82b80f658 socket
    3⤵
    - Checks processor information in registry
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.2.2072693419\1106160925" -childID 1 -isForBrowser -prefsHandle 2704 -prefMapHandle 2832 -prefsLen 21117 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {812e265c-8c56-4cac-a481-32e8042208f8} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 2724 1f82f948058 tab
    3⤵
    PID:1680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.3.1837899061\135237743" -childID 2 -isForBrowser -prefsHandle 3584 -prefMapHandle 3580 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e34e37a4-47e2-4a5f-93c8-d9fcb10864ff} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 3592 1f830b97558 tab
    3⤵
    PID:2736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.4.1905167850\1687216481" -childID 3 -isForBrowser -prefsHandle 2260 -prefMapHandle 3204 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ee9342a-574f-409c-b97a-021038b17acd} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 3724 1f82ff31e58 tab
    3⤵
    PID:2716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.5.1059095673\344065278" -childID 4 -isForBrowser -prefsHandle 2868 -prefMapHandle 4620 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6622fb8c-1fc4-4f3f-8068-3d58b7fcb458} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 4740 1f82032d258 tab
    3⤵
    PID:748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.6.17456831\1718705702" -childID 5 -isForBrowser -prefsHandle 4876 -prefMapHandle 4880 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f86c2d2f-44b2-4eb7-b5a9-c7bc62feb2bb} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 4868 1f830eb6b58 tab
    3⤵
    PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.7.873668946\406360814" -childID 6 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42a09523-a151-47f2-9ac0-fbaba4c7bce1} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 4740 1f8321ad558 tab
    3⤵
    PID:2932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.8.2003225201\1543274596" -childID 7 -isForBrowser -prefsHandle 5432 -prefMapHandle 5512 -prefsLen 26798 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecad636c-aafc-427a-9ce0-593c4b20be0e} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 4552 1f82b840658 tab
    3⤵
    PID:4036

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4836
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3832
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:3416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3416.0.162682179\684771572" -parentBuildID 20221007134813 -prefsHandle 1564 -prefMapHandle 1552 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e07f7fdb-9bab-4b97-b328-83e0143ee632} 3416 "\\.\pipe\gecko-crash-server-pipe.3416" 1656 13febefa058 gpu
    3⤵
    PID:980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3416.1.86926235\344946381" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1832 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {505a93cc-ee84-4955-b055-7bc6fbeb7e79} 3416 "\\.\pipe\gecko-crash-server-pipe.3416" 1848 13fec348e58 socket
    3⤵
    - Checks processor information in registry
    PID:4256

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:3224
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:2788

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1824
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.0.1038373874\535168669" -parentBuildID 20221007134813 -prefsHandle 1560 -prefMapHandle 1548 -prefsLen 20888 -prefMapSize 232711 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2f3326c-77ef-4505-9ace-4b85331416cc} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 1636 2c1b90fab58 gpu
    3⤵
    PID:4704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.1.115500321\1495618855" -parentBuildID 20221007134813 -prefsHandle 1932 -prefMapHandle 1928 -prefsLen 20933 -prefMapSize 232711 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {340bfa29-f547-4e6f-ab38-bfe6d542e825} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 1956 2c1b8b49258 socket
    3⤵
    PID:864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.2.1312267659\683973288" -childID 1 -isForBrowser -prefsHandle 2636 -prefMapHandle 2632 -prefsLen 21415 -prefMapSize 232711 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81cbb5f2-8f9f-463c-a501-71175c47a257} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 2648 2c1b915b358 tab
    3⤵
    PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.3.369184162\1391006422" -childID 2 -isForBrowser -prefsHandle 3368 -prefMapHandle 3364 -prefsLen 26027 -prefMapSize 232711 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69feaed7-1949-4cd0-a349-57db3b2229a5} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 3376 2c1bd53a258 tab
    3⤵
    PID:2812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.4.284887429\591064638" -childID 3 -isForBrowser -prefsHandle 3692 -prefMapHandle 3696 -prefsLen 26807 -prefMapSize 232711 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5603d91c-8cd8-4e25-845d-3e9ee232d2c5} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 3732 2c1bd760658 tab
    3⤵
    PID:1040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.6.686907083\698958000" -childID 5 -isForBrowser -prefsHandle 4264 -prefMapHandle 4244 -prefsLen 26888 -prefMapSize 232711 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1af1ab5-1ec7-4d35-b9f9-a7e4aea628ee} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 4288 2c1bea3cb58 tab
    3⤵
    PID:3140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.7.1787029442\2067765811" -childID 6 -isForBrowser -prefsHandle 4472 -prefMapHandle 4304 -prefsLen 26888 -prefMapSize 232711 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dbbb582-6dd5-4f9c-bc51-1148276f776d} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 4556 2c1bc569258 tab
    3⤵
    PID:1608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.5.782616092\1434369072" -childID 4 -isForBrowser -prefsHandle 4092 -prefMapHandle 4088 -prefsLen 26888 -prefMapSize 232711 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f01d8664-e708-40ae-a45b-2c86187e97c3} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 3740 2c1bd537258 tab
    3⤵
    PID:1244

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\activity-stream.discovery_stream.json.tmp

Filesize
158KB

MD5
4074168d8b8e5a378a6a445d9968ff9b

SHA1
bfec8574d6b0fe24d4c5e26b4c480eea1bc8f4ea

SHA256
08aa2fd3ac2e3e0867b41dd98737f0ac92b0f6dde7cfdb6f5df2e0942edb4b97

SHA512
5f092bf417d8ab6f6d8088a00fcb003f65d073e5904bfa9e60264bb18848dcd9a0db79d64e1f6ad8f74dffd1138e1e68a41c7c4f4e558d0dba1ae6d5bc1feaaf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
184B

MD5
a511762b49a47f4d1c9ce1f815a78441

SHA1
c47aca6a93b281846da21b99e1aa9963970812a4

SHA256
d589fca5afff4860895f9e4966684edd2167efb7e3c01a3bc5414c03e9aee35e

SHA512
3f297c14e075d2f89bb1bb823c4e4ce85037d4e9d1bfd3bc8037c6ebdf77fc4be9511444a20e0d27a5201a395614a874810f8723fbdc4639bc750dda68b13c1d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\startupCache\scriptCache-child.bin

Filesize
464KB

MD5
5b6d9966d20791c38f3948d133bc4014

SHA1
e033078a3e395fa5ac0c24c92ba9e0d2f9129887

SHA256
181aa6dae48c54c9e5324f6810a4bab386f426d6d90d69f3c99fd03edbb77fe4

SHA512
568ec26dddb29f09c182b16af91f3b908e2890e1c3261547b70550827633719047ca0d7fbc0d2846c7bb1da1ef1a3ee278b4073567348d5d8e02417c8e439d88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\startupCache\scriptCache.bin

Filesize
7.8MB

MD5
729d86248349372cd2d2fbad341054f3

SHA1
ee7e768c83876d115ba9348a9a4d2ec52a96e00e

SHA256
2b4a73e3882d398175d90d90e4e9166792515cfef3ea645c1317e68e1302042e

SHA512
ac88291280db32eb1615977c3424df7c724298fc49537d98a13776ecaaad5e22da3fb1dc1ec46f348f01fbd4a6b236f0fb6f5d829c7277040612cf1acd369834

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\startupCache\startupCache.8.little

Filesize
2.0MB

MD5
b2afe40f08e4c234750f7d023bc17985

SHA1
bd1952f2ba1e4ce952a99ecc60e598aeddf53496

SHA256
5fb0ab5fdc5459cc67b643d7f1071191640ba2b14bfe28de4d5256c74baf8fb4

SHA512
98c5db765f5cc1ef389561a336b548eb0037dde7053def5665ab1902dcf43ba79731bf45a2ccc8d6b7d926ce85ddaa1ef370390bd12d0b677a355d177c3a8044

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
fdd4641220961c103d7d5c53b70a8ae7

SHA1
7829fb37fc790c1b378ce6c877c734cac25bdd57

SHA256
71f19a2d0c84e31bf45392bdc4ed58b3eb0e4c1e97e94cd7b223e8f9f0138fee

SHA512
5019db9f7773c2b10d612f66af83d038966734069fe583f5269750ec0cc316c09f70addd4dc7185e6674e26c036691277512a25ce1f2523100caeba16a58f2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7H2F5.tmp\setup.tmp

Filesize
2.5MB

MD5
31a947c782c294b2a9d163fed9e1c378

SHA1
11c29aaf737b41a6e0576f298c5c800f842b09e2

SHA256
77b1186fa7814e0a64767aae729cea4ba8fcd69bd79854334af6660557044153

SHA512
0b306d6aefdd765eae2c7274223a121c31d5747a00b6f7b9fd8b5304a20c82ea75ec5a745c332654535e0f059ba72f307fe4a61a7b44318370743060fca4a190

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7H2F5.tmp\setup.tmp

Filesize
2.5MB

MD5
31a947c782c294b2a9d163fed9e1c378

SHA1
11c29aaf737b41a6e0576f298c5c800f842b09e2

SHA256
77b1186fa7814e0a64767aae729cea4ba8fcd69bd79854334af6660557044153

SHA512
0b306d6aefdd765eae2c7274223a121c31d5747a00b6f7b9fd8b5304a20c82ea75ec5a745c332654535e0f059ba72f307fe4a61a7b44318370743060fca4a190

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\AlternateServices.txt

Filesize
197B

MD5
dccd9360b546f8e5dfefeee3dc09ea3c

SHA1
e5f0aca8cf96441e9b201b937fd105ae1f9e2ef5

SHA256
4b8ffa6a2a8642a2548dbd2dacc8905f45707d5d45485ec7ae1945d440b8618a

SHA512
0a1be81fd0f78cd9663e20384ba2de78476fa0bae56609508c0d8ae53bac9a7f24d48fdd742b6f164fd0bda4b7d18d6a6ff73e6b0fcb80c200cf86dcd40122ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\SiteSecurityServiceState.txt

Filesize
407B

MD5
08d6f7e5a33e599096d8c9a2f0844912

SHA1
8b3cf7642be3f4e67617a0b5d1edaa06d640549a

SHA256
65f5b3cd745fa782bfa4ac7ce8e804a9f4e8c7f40914127be3fc9de9a3ac4558

SHA512
b15477d1d7e89de8585a9226575be0df209d3c586a13de1136cb4eace39de6b3b625b41a631ed075e111aad2d702518cddefc5450c452fda6a9486079fcf1b94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
f250c684a241935c2794c30ae164ae52

SHA1
ea384bb1ba6744718b3bb8180800365d19887692

SHA256
ff08fca842608945bab874f225d809065a58d1eda82f37f80f727bff95bc00a7

SHA512
e16698db5705fb140ab0579c4ecbe51ba7fd2d494bf987c23bc5c46294e84749a3f1b43d0ef43fa75e7ce0d1b67ac3c22421717506be6fedb4dac49e2e7870ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cert9.db

Filesize
224KB

MD5
669e142ca36653b0d74829fe8efd6dd0

SHA1
90dabb84d4267678cdfc98e98da1a00683daa70c

SHA256
aa5e76c39b9efbee4f35a11a88ee7edec7911bc0942be30862734a73ee5f5b0a

SHA512
9df13a7ab6d70fa3f8bad17261a4bcd10431ee4de1e5bc9672d02560133587c1064b455c9fbd58a961b1c07139d796adf824bdfdf71a82546733f77962be9388

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cookies.sqlite

Filesize
512KB

MD5
4c83850f315e93022e65e34603c0defc

SHA1
3ff3cd018042452b9e2ac3913eee9ba10d1bb59f

SHA256
7bf33abc280e9c85d350c910ccbcb9a7a9b20c414416cac6c69ac1b53b2e4ccf

SHA512
43c2fd7880a5bbc9e5cbaf1b0d3f7914808e1bf80e7258b573cddf46106ede15933d258df84937903a42e90af3856d72e6dce6585d3833ef59b439e721f8c969

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\permissions.sqlite

Filesize
96KB

MD5
f25926e6df059205d3db256b8c29a26a

SHA1
c922666a7a5a24b1e3d6d3891f5664cdf73acefe

SHA256
6119ffe1230e8a057dafeeafa43b33f6a5ce4ff54fecaa13f00b4bec56b66c71

SHA512
c51632f2af6e97364d13ed8cfc2d67b277dc166b6db54c612efadf44916e141b7a485351e119b14a185713cbffc30ff7e592e0d3c2b947fb6ba8f57ddd9403b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\places.sqlite

Filesize
5.0MB

MD5
c6e88e96d2bfb829b7df1b2bb12fcb3d

SHA1
9c3c5197d984f86d92b10f85d71aefc196a7177d

SHA256
eeaba867346bb70f6482415392b8a1ebd7d9efb8482dd0687b9eb01e5ad40fc0

SHA512
7fd5c0011e76f4d2ff866cea0c41ee27222ecb7fb8bf0915962ebdb2e492872ae1b92d15f97c33461cb8cda37db1e3bcfc8a1354cfd00b1e1b0f450e0b012b91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\prefs.js

Filesize
6KB

MD5
fc03769491e92557713bff75b3dcae44

SHA1
a4f4687575dba8a950a014c93d8f9f086a2b68d6

SHA256
3e943e423e8dd73d3afd2444234e9c1ca4eebd430da878f5bcc15e2141da7375

SHA512
8e2266f0af8f7833397b36b31482a43a4bd798693e069f8aeb823d12b767bcdac3aed772ce10b8907fca777436e4efc39ecb5172e81d2672f1165a2427b709b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\prefs.js

Filesize
6KB

MD5
fc03769491e92557713bff75b3dcae44

SHA1
a4f4687575dba8a950a014c93d8f9f086a2b68d6

SHA256
3e943e423e8dd73d3afd2444234e9c1ca4eebd430da878f5bcc15e2141da7375

SHA512
8e2266f0af8f7833397b36b31482a43a4bd798693e069f8aeb823d12b767bcdac3aed772ce10b8907fca777436e4efc39ecb5172e81d2672f1165a2427b709b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\protections.sqlite

Filesize
64KB

MD5
c85d1bbdcb2505d7f5c6bd0dd2b06492

SHA1
b045492af83bf1549827343014eae43cc0a817d7

SHA256
a5cbb5daa9ea1b98935ab288b6293bd08abab25a4576a400334c68e6b781c64f

SHA512
7343830acaff4a89de4a47e71e10f9a99539d075fcfef3ca0d9e9701f6a8fbfbfb8ad342764314a01a171a1acb3b3d5eb404817d40ca5b0a2444c06e8f925f37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\search.json.mozlz4

Filesize
296B

MD5
033eb0645837c8b618a593f7b9a72642

SHA1
cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172

SHA256
3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582

SHA512
27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionCheckpoints.json.tmp

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
66ccb50ee05276f56ee3219718ebdeb1

SHA1
c40f07828f43b2935a3437d181cd825532627459

SHA256
97ddaaad5088241cea6dae0e85d01e2dabe719cb30cf9f1c31a4ae5afc23448e

SHA512
aa735300f7ca16b7deb677a74d7dc18ed9391b3d14e2199479d1733217125314926775d5f311a97650caa1d9181c658cc4b0058a7d5de9bdfd3dcc5b4ccc7c26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore-backups\upgrade.jsonlz4-20221007134813

Filesize
1KB

MD5
984a3835ac84bacfba24874db035f6fc

SHA1
86f5f27156a6cc6cfa2a508dc0b9c38789ca5f79

SHA256
5ae7c8ec3577b97d8d233fce9d1adec2658e10c04557516f8609f26f2619a04b

SHA512
4df3817cffea3e2a849013af0d5ca7fea79a682dbc7b6c52c1687ce24a9d2b9f37d59e2a9bddd710eef5df0f4bfdc6f8529d23173a0cbbd67c8626d06dd65c57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
984a3835ac84bacfba24874db035f6fc

SHA1
86f5f27156a6cc6cfa2a508dc0b9c38789ca5f79

SHA256
5ae7c8ec3577b97d8d233fce9d1adec2658e10c04557516f8609f26f2619a04b

SHA512
4df3817cffea3e2a849013af0d5ca7fea79a682dbc7b6c52c1687ce24a9d2b9f37d59e2a9bddd710eef5df0f4bfdc6f8529d23173a0cbbd67c8626d06dd65c57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
984a3835ac84bacfba24874db035f6fc

SHA1
86f5f27156a6cc6cfa2a508dc0b9c38789ca5f79

SHA256
5ae7c8ec3577b97d8d233fce9d1adec2658e10c04557516f8609f26f2619a04b

SHA512
4df3817cffea3e2a849013af0d5ca7fea79a682dbc7b6c52c1687ce24a9d2b9f37d59e2a9bddd710eef5df0f4bfdc6f8529d23173a0cbbd67c8626d06dd65c57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\storage.sqlite

Filesize
4KB

MD5
e754fbe11ba0e708fa319a0396ff4274

SHA1
46687e5fe95275f8d9512e64659a7ad985343553

SHA256
33f31db8b6798aad9d7752c69ddbf9c4b97621fb924c9171f7f8c4d4e6c59704

SHA512
e02fc85d8b3bcc22c33e93dda90993122df5be0dcdff02302577978f47fb202ecb20cfaa899c2c67f4d09c6381b076eae6b2e0af682de10b8df7e187e735bdab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
2868ade33b3fc157edc3d0e6b6b88d96

SHA1
2fbc5d21e4b5b51b85aa242c5f1094b78b42f06f

SHA256
463716a72dce3b7c34a12818ca051fc044627890946b4437b6998bcc24a20534

SHA512
0756622f5ab9deb31b5cb909c570b236b58fd594d9ff52b92a670761f1b447a1f15f9032a50dce0bbd9b176a761fe7a5f2095938c1642bfe04b93ba83147ee0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\xulstore.json

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit
memory/1108-134-0x0000000000330000-0x00000000005FB000-memory.dmp

Filesize
2.8MB

Download
memory/1108-131-0x0000000000330000-0x00000000005FB000-memory.dmp

Filesize
2.8MB

Download
memory/1892-121-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1892-135-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1892-130-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads