Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

e1444bd0c1...2d.pdf

windows10-1703-x64

4

e1444bd0c1...2d.pdf

windows7-x64

1

Analysis

  • max time kernel
    261s
  • max time network
    264s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14/04/2023, 02:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e1444bd0c138b548a3c17e95b8484b2d.pdf

  • Size

    92KB

  • MD5

    e1444bd0c138b548a3c17e95b8484b2d

  • SHA1

    1f8ac912f9b943cf8d61a135278ef0b4370a51a5

  • SHA256

    8bc31a69a710f3e49a0e6b30cf9648a68e7a598b25fafb5ff4a5ac1cab4d432f

  • SHA512

    0dff0981d8880bd39809d86d58d32be88862384183b7a42cd635615f26757fd069ae8b16fa170849641fa93b5f3f0ebb23c026c90441e275dc91f25c5a61ac8d

  • SSDEEP

    1536:PuV5OXZJgiKPp5F1uaYhT9xEhcmaYmZPKgUdYYYYYYYYYYYYYYYYYYYYYYYYYYYS:iPp5F1u9bQaY8P3QYYYYYYYYYYYYYYYG

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 19 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\e1444bd0c138b548a3c17e95b8484b2d.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4204
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2F2E0009E8F4939F475D2BFDC3A58AD5 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:4856
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=234BB37B29C938906D10AD3495844DEB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=234BB37B29C938906D10AD3495844DEB --renderer-client-id=2 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:736
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FEBA8C0B25C5FDF08A07008400AB8AAF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FEBA8C0B25C5FDF08A07008400AB8AAF --renderer-client-id=4 --mojo-platform-channel-handle=2216 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:1260
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E188B24B81E429C0D879542AB90009DC --mojo-platform-channel-handle=2496 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:5028
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8C5D87404C45931BC21DF755E6D76865 --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:3136
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8DB18112DF3F82CC55C2DB370B939D3D --mojo-platform-channel-handle=2552 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:4372
                • C:\Windows\SysWOW64\LaunchWinApp.exe
                  "C:\Windows\system32\LaunchWinApp.exe" "https://alphahelixconsulting.com/blo/643687b0d9d26.zip"
                  2⤵
                    PID:3996
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                  1⤵
                  • Drops file in Windows directory
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of SetWindowsHookEx
                  PID:3264
                • C:\Windows\system32\browser_broker.exe
                  C:\Windows\system32\browser_broker.exe -Embedding
                  1⤵
                  • Modifies Internet Explorer settings
                  PID:600
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Modifies registry class
                  • Suspicious behavior: MapViewOfSection
                  • Suspicious use of SetWindowsHookEx
                  PID:1220
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Drops file in Windows directory
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4620
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Modifies registry class
                  PID:2576
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Drops file in Windows directory
                  PID:3872
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of SetWindowsHookEx
                  PID:2892
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe"
                  1⤵
                    PID:4328
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe"
                      2⤵
                      • Checks processor information in registry
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      • Suspicious use of SetWindowsHookEx
                      PID:1888
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.0.345041382\1019968309" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1660 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dddc7ff7-a440-4bdf-99b6-1bd96d262e98} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 1752 1eafe119e58 gpu
                        3⤵
                          PID:2044
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.1.726221750\707853233" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e667277a-264a-4767-aa48-2fff73d6eb77} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 2104 1eafcdf8c58 socket
                          3⤵
                            PID:2052
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.2.1696643320\593119090" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3012 -prefsLen 21052 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {722b5bc2-3c5b-4a10-9817-b08e7e7acfd1} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 2948 1ea82143858 tab
                            3⤵
                              PID:5384
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.3.1451158280\1567548814" -childID 2 -isForBrowser -prefsHandle 3252 -prefMapHandle 3256 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6aa8bd2d-279a-493f-9bb4-09decadf9826} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 2244 1ea80a69958 tab
                              3⤵
                                PID:5540
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.4.256720255\1114964559" -childID 3 -isForBrowser -prefsHandle 3256 -prefMapHandle 3500 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f539caf-6a21-42b9-b03c-d785728b8cd0} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 3716 1ea83031a58 tab
                                3⤵
                                  PID:5568
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.6.398012376\1041692340" -childID 5 -isForBrowser -prefsHandle 4604 -prefMapHandle 4640 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56bba42d-4b3d-4186-a4fa-03e460b3f9e8} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 4820 1ea84b62c58 tab
                                  3⤵
                                    PID:6092
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.7.1045086642\1973602311" -childID 6 -isForBrowser -prefsHandle 4976 -prefMapHandle 4980 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ad1e639-324e-4263-9c55-983b28ca9043} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 4872 1ea84b61158 tab
                                    3⤵
                                      PID:6100
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.5.1728020601\710139801" -childID 4 -isForBrowser -prefsHandle 4700 -prefMapHandle 4696 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {199eeef3-cc6b-4160-8a80-77c3a8e84513} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 4660 1ea84b60258 tab
                                      3⤵
                                        PID:6084
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.8.1047662367\718358625" -childID 7 -isForBrowser -prefsHandle 5292 -prefMapHandle 2732 -prefsLen 26956 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68b7b587-ab09-46b4-8490-ea4c580853d0} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 4512 1ea805c2558 tab
                                        3⤵
                                          PID:5124
                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                      1⤵
                                      • Modifies registry class
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:5640

                                    Network

                                    MITRE ATT&CK Enterprise v6

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml
                                      Filesize

                                      74KB

                                      MD5

                                      d4fc49dc14f63895d997fa4940f24378

                                      SHA1

                                      3efb1437a7c5e46034147cbbc8db017c69d02c31

                                      SHA256

                                      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                                      SHA512

                                      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\activity-stream.discovery_stream.json.tmp
                                      Filesize

                                      134KB

                                      MD5

                                      d20d084ec0905534a7eeb120da326e7c

                                      SHA1

                                      8dd83f8e9609e9b5fc34e571fa9507f94828d6fa

                                      SHA256

                                      6a13b2fac9104d193e232a4b6d827452d641d0d094cebffdc11278bc5444b6f4

                                      SHA512

                                      2fe70bbd3c5b77a13cde7584e12e44836b1c21f3f3fc4cbd5eed9190c4cbc6dbc7a6f7cbf9a0f86d39ef12bbfbb1aec29e58f74f1b9b34cfe582efe7b267ea12

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\MIPR0GRL\www.bing[1].xml
                                      Filesize

                                      6KB

                                      MD5

                                      1867729ce796db9e4a25d333f0a3458e

                                      SHA1

                                      900fa709d184308315b7f187f8b3b0ad3f05e0b2

                                      SHA256

                                      7b66d56ee0948be450dacdf09e49616ef3e7c3183b7a8fba99d0d9c9f977ed9a

                                      SHA512

                                      4a54cd7deade9bb4efe54bc36900de922fb4a86d2820284d16378dd5b96ee528811c88caf9e14eb0387fe81c2fc8807c3636a8bd21ffa78a67ddea0a17cb0d6a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5G3EB0GH\suggestions[1].en-US
                                      Filesize

                                      17KB

                                      MD5

                                      5a34cb996293fde2cb7a4ac89587393a

                                      SHA1

                                      3c96c993500690d1a77873cd62bc639b3a10653f

                                      SHA256

                                      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                      SHA512

                                      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri
                                      Filesize

                                      207KB

                                      MD5

                                      e2b88765ee31470114e866d939a8f2c6

                                      SHA1

                                      e0a53b8511186ff308a0507b6304fb16cabd4e1f

                                      SHA256

                                      523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

                                      SHA512

                                      462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
                                      Filesize

                                      717B

                                      MD5

                                      ec8ff3b1ded0246437b1472c69dd1811

                                      SHA1

                                      d813e874c2524e3a7da6c466c67854ad16800326

                                      SHA256

                                      e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

                                      SHA512

                                      e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\96F0F8C22DDF7AE25D7FE9DA7DBE480B
                                      Filesize

                                      503B

                                      MD5

                                      cc55a54dfa24273e717eb12fc8a30fc5

                                      SHA1

                                      2cd645cb1fb3eb3d276f6feaa968ae59d828f4e5

                                      SHA256

                                      b2b8f1dac5efdc281fce07daa3a5e876c4c968cd3bd7ae9a5939f84919b45ac3

                                      SHA512

                                      3f77103dbfb2841824c03e7c687b05f2dd0f3371c8a76aeeaf8e1fd2723529eab3ef930387c3601db2630bdfde706ad2b4bb978587671e5a60a5bbad4dd1de97

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
                                      Filesize

                                      192B

                                      MD5

                                      10a62cf849a8782b7f87f04f8df0e048

                                      SHA1

                                      fff2b2010e5f922453c1a61b1675654df0e63c23

                                      SHA256

                                      e2fa19759d2e53e2b15516236dbd86c1f8fd1f7819c9a949da5edf298cf4ef21

                                      SHA512

                                      4d21a86c9d897bf77f053fe3abf0fe87d6ffeda0d8d05ae487be02ee57a46d85a8b75d5a49f0a6d84869025b5e2c96f66289b105435069e5bc6ed9c598568f5a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\96F0F8C22DDF7AE25D7FE9DA7DBE480B
                                      Filesize

                                      552B

                                      MD5

                                      bf048093e648e16d3b28faead5806945

                                      SHA1

                                      2517c75da59989ed9b521f9c10a0eb60a4501064

                                      SHA256

                                      54c2b65ab424cfd65c0c69e4eb1163ef14c9576e1866242f92a12d0b54529273

                                      SHA512

                                      600ec27d3dc8589e02b6a304ea1b59ae76ec29d2ebb7cb08c3b321448d87c0675bf53649e6d2fba82a04f52a51ea5730de6ecdce8b5d6f63a1ba09683df0ee37

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri
                                      Filesize

                                      207KB

                                      MD5

                                      e2b88765ee31470114e866d939a8f2c6

                                      SHA1

                                      e0a53b8511186ff308a0507b6304fb16cabd4e1f

                                      SHA256

                                      523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

                                      SHA512

                                      462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                      Filesize

                                      442KB

                                      MD5

                                      85430baed3398695717b0263807cf97c

                                      SHA1

                                      fffbee923cea216f50fce5d54219a188a5100f41

                                      SHA256

                                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                                      SHA512

                                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
                                      Filesize

                                      997KB

                                      MD5

                                      fe3355639648c417e8307c6d051e3e37

                                      SHA1

                                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                                      SHA256

                                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                                      SHA512

                                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
                                      Filesize

                                      116B

                                      MD5

                                      3d33cdc0b3d281e67dd52e14435dd04f

                                      SHA1

                                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                                      SHA256

                                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                                      SHA512

                                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\prefs.js
                                      Filesize

                                      6KB

                                      MD5

                                      fc03769491e92557713bff75b3dcae44

                                      SHA1

                                      a4f4687575dba8a950a014c93d8f9f086a2b68d6

                                      SHA256

                                      3e943e423e8dd73d3afd2444234e9c1ca4eebd430da878f5bcc15e2141da7375

                                      SHA512

                                      8e2266f0af8f7833397b36b31482a43a4bd798693e069f8aeb823d12b767bcdac3aed772ce10b8907fca777436e4efc39ecb5172e81d2672f1165a2427b709b4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore-backups\recovery.jsonlz4
                                      Filesize

                                      1KB

                                      MD5

                                      81776655dedc5a49941a03660e090c9c

                                      SHA1

                                      2f6251f8ad859775121ba6c5b0788905a6309c81

                                      SHA256

                                      d253bd11eff070c27686f08f2f610ea24f8c0c48cfe759889b1f9bb57f498a99

                                      SHA512

                                      ad13716adcc2394cefe4e718c297be58ce55747f6c968ee075bb7e27abe9afa398c18c42c6f9fc90cada17416650f00e620d4fdef434987c5c32eaa2a90584b7

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore-backups\recovery.jsonlz4
                                      Filesize

                                      1KB

                                      MD5

                                      9b443d90996f9fdb9ebc037376c83430

                                      SHA1

                                      a3a6164b4f53c7510721fab14fbafa5558f640c3

                                      SHA256

                                      c1a16348ba03c31fc504d0ed3eb04ee03442ef48ff2de1c880c524c9c4e1310a

                                      SHA512

                                      0fb0c74b814b970e1b79653c56ff625e04df8de16b2b089dbe7ff718da69aa3743b815d96724ad3b791e4de82b9195ccbeefb929b51edc716a688bd20ad62b7f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                      Filesize

                                      184KB

                                      MD5

                                      bb27225e7bc3d3705178870af6b78ebc

                                      SHA1

                                      bc44d947359ef2905829265a813fe67b840a0205

                                      SHA256

                                      c496f502d34321908942ab3dd00407e58d895625a9eee446eb1cfa0516ab114f

                                      SHA512

                                      374ca1db85b4b261668c8920d00e419a514ad639d497eb7bbac4fbffd497f695c7d1ccfc93aad52e502994a63210396e13470de8cb6e4572988ad82eb2425c47

                                      Download Submit

                                    • memory/2892-345-0x000001E81E410000-0x000001E81E430000-memory.dmp

                                      Filesize

                                      128KB

                                      Download

                                    • memory/3264-174-0x000001E068900000-0x000001E068910000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/3264-624-0x000001E06E970000-0x000001E06E971000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3264-625-0x000001E06E980000-0x000001E06E981000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3264-216-0x000001E06CCB0000-0x000001E06CCB2000-memory.dmp

                                      Filesize

                                      8KB

                                      Download

                                    • memory/3264-215-0x000001E06CC80000-0x000001E06CC82000-memory.dmp

                                      Filesize

                                      8KB

                                      Download

                                    • memory/3264-213-0x000001E068120000-0x000001E068122000-memory.dmp

                                      Filesize

                                      8KB

                                      Download

                                    • memory/3264-211-0x000001E0675C0000-0x000001E0675C1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3264-192-0x000001E068A00000-0x000001E068A10000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4620-237-0x000001C4E29B0000-0x000001C4E29B2000-memory.dmp

                                      Filesize

                                      8KB

                                      Download

                                    • memory/4620-235-0x000001C4D25F0000-0x000001C4D25F2000-memory.dmp

                                      Filesize

                                      8KB

                                      Download

                                    • memory/4620-232-0x000001C4D25C0000-0x000001C4D25C2000-memory.dmp

                                      Filesize

                                      8KB

                                      Download