a86d9f7c545953074b8b9c18474e953db73a9ba8e9ca50cbb3e5d97a7347fe4d

Analysis

max time kernel
1162s
max time network
1167s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
09-08-2023 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
Size

1.5MB
MD5

71b072f0a3d4b9e580a8bcd523403d43
SHA1

06bac910ad59cfa7ef323096d2c6728496b5e995
SHA256

a86d9f7c545953074b8b9c18474e953db73a9ba8e9ca50cbb3e5d97a7347fe4d
SHA512

8e668cb63d2b2092c81c8ef8e5eeacc01a34cc8b1eb7959bdd6104337a9a491650e41412dedbc5dca620320223694902d99d4213c95fed90799b262799a6a554
SSDEEP

24576:dwy53G70SeiN9YqxCCg83udcWXDYajPF2410wuRpGfFki94qSe/wsNfzUT:Cy53w24gQu3TPZ2psFkiSqwozi

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

Processes:

MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_lb.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_mk.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_nn.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\psuser_arm64.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_pl.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_th.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_gd.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_or.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_lv.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_da.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_es.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_hi.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_id.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_nb.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_te.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_uk.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_am.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_ga.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_fr-CA.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\EdgeUpdate.dat	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_de.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_en-GB.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_iw.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_es-419.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_fi.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_fr.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_is.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_pt-BR.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_tr.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_kok.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\psuser.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_pa.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_ne.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_fil.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_nl.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_sk.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_sl.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_vi.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_az.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_quz.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\psmachine_64.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\MicrosoftEdgeComRegisterShellARM64.exe	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_cs.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_ro.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_ka.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_mt.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_tt.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\MicrosoftEdgeUpdateBroker.exe	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_et.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_mr.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_ta.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_sr-Cyrl-RS.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_bg.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_zh-CN.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_gl.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_ug.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\MicrosoftEdgeUpdateCore.exe	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_en.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_kn.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8A1F.tmp\msedgeupdateres_ca-Es-VALENCIA.dll	MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	4172	firefox.exe
Token: SeDebugPrivilege	4172	firefox.exe
Token: SeDebugPrivilege	4172	firefox.exe
Token: SeDebugPrivilege	4172	firefox.exe
Token: SeDebugPrivilege	4172	firefox.exe
Token: SeDebugPrivilege	4172	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

4172 firefox.exe
4172 firefox.exe
4172 firefox.exe
4172 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4172 firefox.exe
4172 firefox.exe
4172 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4172 firefox.exe

pid	process
4172	firefox.exe
4172	firefox.exe
4172	firefox.exe
4172	firefox.exe

pid	process
4172	firefox.exe
4172	firefox.exe
4172	firefox.exe

pid	process
4172	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 5036 wrote to memory of 4172	5036	firefox.exe	firefox.exe
PID 5036 wrote to memory of 4172	5036	firefox.exe	firefox.exe
PID 5036 wrote to memory of 4172	5036	firefox.exe	firefox.exe
PID 5036 wrote to memory of 4172	5036	firefox.exe	firefox.exe
PID 5036 wrote to memory of 4172	5036	firefox.exe	firefox.exe
PID 5036 wrote to memory of 4172	5036	firefox.exe	firefox.exe
PID 5036 wrote to memory of 4172	5036	firefox.exe	firefox.exe
PID 5036 wrote to memory of 4172	5036	firefox.exe	firefox.exe
PID 5036 wrote to memory of 4172	5036	firefox.exe	firefox.exe
PID 5036 wrote to memory of 4172	5036	firefox.exe	firefox.exe
PID 5036 wrote to memory of 4172	5036	firefox.exe	firefox.exe
PID 4172 wrote to memory of 820	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 820	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 368	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 2588	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 2588	4172	firefox.exe	firefox.exe
PID 4172 wrote to memory of 2588	4172	firefox.exe	firefox.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe"
1⤵
- Drops file in Program Files directory
PID:4852

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4172.0.133272706\1979937643" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f91b8161-f38c-464d-97ad-d919bfa05c79} 4172 "\\.\pipe\gecko-crash-server-pipe.4172" 1796 19d2bcf6858 gpu
    3⤵
    PID:820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4172.1.1742152772\631190770" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19c2936c-0224-4e3d-9c5e-56cf1960350c} 4172 "\\.\pipe\gecko-crash-server-pipe.4172" 2140 19d19971358 socket
    3⤵
    PID:368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4172.2.970390465\273501014" -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 2920 -prefsLen 21120 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1525ef7c-4ca1-4178-9e6b-2771e9fa494d} 4172 "\\.\pipe\gecko-crash-server-pipe.4172" 3080 19d2fcb1858 tab
    3⤵
    PID:2588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4172.3.933094637\1183455410" -childID 2 -isForBrowser -prefsHandle 3456 -prefMapHandle 3452 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5282ccdd-94fc-4c4a-ab9d-b20af41e799c} 4172 "\\.\pipe\gecko-crash-server-pipe.4172" 3460 19d2e4def58 tab
    3⤵
    PID:4916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4172.4.3658466\1660643214" -childID 3 -isForBrowser -prefsHandle 3484 -prefMapHandle 3592 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4808286b-de37-429a-a4ab-c530fc3139e8} 4172 "\\.\pipe\gecko-crash-server-pipe.4172" 4404 19d31ebbf58 tab
    3⤵
    PID:3272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4172.5.513763620\651387941" -childID 4 -isForBrowser -prefsHandle 4724 -prefMapHandle 4760 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24c3abd6-d01c-4221-b11c-14a24034e2a2} 4172 "\\.\pipe\gecko-crash-server-pipe.4172" 4712 19d3246e558 tab
    3⤵
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4172.7.1592205892\325891970" -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8de6c7a-8af6-4986-91f8-773ba1f7d63e} 4172 "\\.\pipe\gecko-crash-server-pipe.4172" 5208 19d3246f158 tab
    3⤵
    PID:3956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4172.6.1905794791\675427521" -childID 5 -isForBrowser -prefsHandle 5020 -prefMapHandle 5024 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e54ce3f-cbce-4810-ba1e-48d4a9f4c94d} 4172 "\\.\pipe\gecko-crash-server-pipe.4172" 5012 19d3246f758 tab
    3⤵
    PID:4468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q2ft4sxy.default-release\activity-stream.discovery_stream.json.tmp

Filesize
153KB

MD5
db54435a62e6dabefd6b5a1670e5ddb8

SHA1
4f9e16d75652e02d81a40634a9657713b3e31f9a

SHA256
0182085fef072342cdac806ceb3a7e3fd77ffa801820437b73c4abc24278c498

SHA512
81aeebea3544109ffafd09682d9531acba90a0d84cb2420f91fe952dd77c78a8aff6b2ffcdbd7fc324b33673d170ea19702732cc0e4c6bced3475a7f103c67fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
290b29cecbdcb8ea5b56c3bf11002e82

SHA1
1128b59cf2325b7e18a1675af40935552257c04a

SHA256
3c17ad8f262fcba568002f59d7bd10e6d8464b67a8b0dd926daedc44c1cc9062

SHA512
dffe0d38b643ef32b412bfd791314841b422a84f13c3e2188d94b196ee451f68298897b1c6e06eed0aa4eda9651b81dabda931cd421e0e01b174c9eca2502f3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q2ft4sxy.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
f24254bcaea50213bb4429af5c22d89e

SHA1
0d7c7b17a8473e51778939a21c43b306534ff2b4

SHA256
2b2dd7ae9214891359c6d2f9ba6f70ace68f13b3f6860893f9931f1fc485c096

SHA512
f737def202feb62f6785e47f58a1ddcc29766ddada1104c7d307f14a6c79c94f109c3735ace1ba2d89155c3e576cc1ec7915206e8f6a5e7a5a031618f8cd2f40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q2ft4sxy.default-release\bookmarkbackups\bookmarks-2023-07-03_11_bRfbUc1TtLLbY0m+huMDkw==.jsonlz4

Filesize
941B

MD5
79a55a772c2327682c06848b481f5c9f

SHA1
4334b9c8d15e7702eb5a9bf8272aae309408f9d4

SHA256
3565b755c23f20181a20ed57188c98caae4d19c3bbb7a4fb830d744e8ff1a352

SHA512
4507e5bd9356d3b2fcd676b10bf6ba953e18a4598cedfacdfae1111a120d3459e52afd2c09df086d3e823c24b6a3cd53d46b14b78b93008910f5bdd242d82270

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q2ft4sxy.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q2ft4sxy.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q2ft4sxy.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q2ft4sxy.default-release\prefs-1.js

Filesize
7KB

MD5
0a9590daf856c6613cab4baac1abdbd0

SHA1
0d0c8ff69a0bfbeffb1d6edd6932acf537cc8fcc

SHA256
c44004d1f3c56c8b611b3f043f52f59b708262d3367ea7b6a13fa5661053313a

SHA512
af033027530f63e160ba882de7e67d60efd864e31751ea6d74e248af010bf73d5a3efc34bbf43c3c161e6bd1c1472708d7c88c37f4555fd1cea07cef14660e82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q2ft4sxy.default-release\prefs-1.js

Filesize
7KB

MD5
6a77da48da36f309d433e52af1322997

SHA1
92431fd9f1b2ebffe2bafada507e8da59fafb3a6

SHA256
38a1323384b6c61075e9d1ebc6c789065c7f486c8fa199b7282d1505899cc105

SHA512
542347230d32ebc8aa916a54569a4f9a0a898b0ea9b68e547053d7227ee314e42b482996972333dd4a89952a636f745f122cf3f2b0fcadfba568566d5d9d0488

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q2ft4sxy.default-release\prefs-1.js

Filesize
7KB

MD5
5526232ca084ae5c757f1d3187a60655

SHA1
7089f25b830bdfb00602b2c907fb54b2853a6585

SHA256
4ddfa7114d23d41fd253802df54bc49997910178791fb0ef4787943ddcc672f7

SHA512
dbb724b73198719f6e9fafa7ea9b2079064af152d0b6a5745fcb56ef171fbbae57d01f0bab996961d5788298c93d8c23eabdfb6e6d8d61981f5cc4f0777af02d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q2ft4sxy.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
8efc39e8eab6259a81a7c07580035b08

SHA1
9ec0ae39fbe11f1181523566d24f48a8fbb7d7da

SHA256
a1fa5b6b1a8ad21b4125e29b2b7cc94789719aa4b7107234dea9851dfdb5f2c2

SHA512
812b0f1f62d799f83cd24300654a32ad5aee85ae4a58e8bfe42108bf41ce10342e289b422915df321f3637db4ea4a2885c5b55892ff9bedbb8b987f700daf05f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q2ft4sxy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
6e9e2984b81eb348c63dc5441dfb73f2

SHA1
fe6bc31aefebf296144f516f44c077cb81e0ece3

SHA256
de2b41e25b7778ea555c5097e4776cc5304b3cb2eb9db4879724cc5b14757c6c

SHA512
59426806f45b992258f8b7a2d98e8c8656f4c95f446c4a52b1eb3cc76bb2ad4838c7436473aab2d60a302b027c29ec4e46aadc9b0cb9373d9d89b952b89b8d9d

Download Submit