hxxp://mini5[.]opera-mini[.]net/generate_204

Analysis

max time kernel
63s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31/08/2023, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mini5.opera-mini.net/generate_204

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133379568750781965"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\download:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
2988	firefox.exe
2988	firefox.exe
2988	firefox.exe
2988	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
2988	firefox.exe
2988	firefox.exe
2988	firefox.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
3380	OpenWith.exe
2988	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 756	4228	chrome.exe	14
PID 4228 wrote to memory of 756	4228	chrome.exe	14
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 1856	4228	chrome.exe	40
PID 4228 wrote to memory of 4416	4228	chrome.exe	41
PID 4228 wrote to memory of 4416	4228	chrome.exe	41
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43
PID 4228 wrote to memory of 1156	4228	chrome.exe	43

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c2099758,0x7ff9c2099768,0x7ff9c2099778
1⤵
PID:756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mini5.opera-mini.net/generate_204
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1880,i,13683310539074713127,953374597771632115,131072 /prefetch:2
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1880,i,13683310539074713127,953374597771632115,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1880,i,13683310539074713127,953374597771632115,131072 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1880,i,13683310539074713127,953374597771632115,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1880,i,13683310539074713127,953374597771632115,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1880,i,13683310539074713127,953374597771632115,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1880,i,13683310539074713127,953374597771632115,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3536 --field-trial-handle=1880,i,13683310539074713127,953374597771632115,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4388 --field-trial-handle=1880,i,13683310539074713127,953374597771632115,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1880,i,13683310539074713127,953374597771632115,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1880,i,13683310539074713127,953374597771632115,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4036

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4756

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3380
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\download"
  2⤵
  PID:1072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\download
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2988
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2988.0.1694066026\1000617318" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1840 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0879545c-16a1-4f7e-813f-193e1d61ad81} 2988 "\\.\pipe\gecko-crash-server-pipe.2988" 1948 203bb4bd258 gpu
      4⤵
      PID:4552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2988.1.837241193\1144882742" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3fa1ab2-6a97-4052-a6ae-e1e2957bfdb5} 2988 "\\.\pipe\gecko-crash-server-pipe.2988" 2372 203a776ef58 socket
      4⤵
      PID:3980
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2988.2.884450371\2142834645" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3232 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa06eb9b-8533-4b32-a6ab-f54b5cf916ef} 2988 "\\.\pipe\gecko-crash-server-pipe.2988" 3248 203bf36e758 tab
      4⤵
      PID:3424
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2988.3.12371215\277401611" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 1680 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d942fdc2-0a23-46fc-a104-eb173464867b} 2988 "\\.\pipe\gecko-crash-server-pipe.2988" 3604 203c003e458 tab
      4⤵
      PID:488
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2988.4.393277988\251899233" -childID 3 -isForBrowser -prefsHandle 4900 -prefMapHandle 4896 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d768f45-b82f-4b08-bf09-9a6056c7d594} 2988 "\\.\pipe\gecko-crash-server-pipe.2988" 4904 203c128b658 tab
      4⤵
      PID:3552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2988.6.508868262\1335703833" -childID 5 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {361bfa80-79aa-4c37-a7cf-5f5b4ccba37e} 2988 "\\.\pipe\gecko-crash-server-pipe.2988" 5220 203c1fcc558 tab
      4⤵
      PID:2036
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2988.5.1579022485\1217157846" -childID 4 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2cf359e-73c4-43dc-ab75-bdb7a06fa84b} 2988 "\\.\pipe\gecko-crash-server-pipe.2988" 5032 203c1a72958 tab
      4⤵
      PID:3816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
134eeb3f055e7b6ffebbd7c1ff194618

SHA1
65640d7fc37c25eec7c56a0c36c9a184baa13476

SHA256
976bed6864c347cb0f40d42b46bcb294d38a572583689586f8f6cd87f3d37333

SHA512
fed1ec28d5e46fede1b2dce49570e6a46c76d8bf1280f8ab5f2e59aef069492e83b6ab2d86c9448778d65fcdbc48dbdef8aa530329386a18da29f3ee41576e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
60cf40cffd2e466366e4737617d0b871

SHA1
a121a89ea65cabb6d58875316877f59b41cc5dad

SHA256
fb6531ad3af39201926502bc2a00f2f75ad75427e3276175da09b23fe2297980

SHA512
c2545537a0f081572361105ba165000b6479f10f2e8d33943b452fe183151792d7711b5e3356483aef9fe0abd7d27c0f4ab3b8848d6b3cf912d32e4303f5cb90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f1ceeeb3862e3d72391ac38e5bc0c54e

SHA1
8c65ab67d19e935c29df8703137df30306ce0d4c

SHA256
2ea1baab652f0a54002321399f5f4b2b27a626b23ee6c62d66dc343b4b76d912

SHA512
f1e52a60120f1d65590bf3fac3824bd1fe27e1df62d50cd72f76384702947c4f9aec00fc9b34fc005e6989aa73fd8fbf42adad545184d8d017811e653a65c092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
32880688176a2c4ba44b2d88d2118d21

SHA1
2104edc67c45d570213624571f47a3b5a8f1db7c

SHA256
ebf9bebc02ccfa21c6ae49a0d89984ac86d2c1086a284977c26d0e4897744f60

SHA512
5b511a9dde42302ae5ceb6af740adc201a7bb611ce646fa9cc653dfe29e48286a9cb40bfffddb76b78d099f1ca640b283fc35ed8c6dc6e7488f8c15b9f7da965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
fab59f31625810209907ab202511d988

SHA1
7bfe61d7c1f605f8cb7baac661d5913f0ece3f38

SHA256
a7f395c48ee0e1051f8c3b627e1688a2e3db6472ff3cd2b40b4e1c97a92d5c8d

SHA512
45b7a543e1f709aa78470e3df5c9823b2fe931de6ad440f7b8c946d1ec63c2d83263814ed348ccce2bac62e61e93a1861faadb5faf5485410b14421accd06229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589824.TMP

Filesize
95KB

MD5
d4a4bf566f8314b2521f546b16e00c65

SHA1
82a82e203f9b4341f9e39145c4852211a66a795a

SHA256
f1e88c937432f204231d0cb0791a0548c133c726697dce69708f8c8431e35ba7

SHA512
d100edf9fe38558fb1a9e85b092afd7d80d31a64250ddf6e359a6c12ec70909da0dd59d37ccb34ada96c0e02c469d8205a9377d596744efc59967b8d0247b7af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
a335fcc6277e124fcadba101a838651c

SHA1
59b110ef8b6b39de3e2169669eef7cf88be72445

SHA256
122b3de205503892317cf983de2b2be4ef7ac135e479e46a17fc1155c030de40

SHA512
d58897e918e61e2cee6ab7d1de8a7d11f83d736250c142c5fce0a4bdd605a8806a417fe6bb4061c23721b459811b0257ae855241292494aae660c868f4f6088a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f94788394420681cd37c36f3fc5fc869

SHA1
64be679c79ea6965c236a996d90bb4e6fb28c41b

SHA256
e43170fd99bc6f640db19ad9dfaedfa2b71f925edfb7ae3b4ebab85ae4ca88dc

SHA512
27d529754d02008c338bedf5d038ed6dfa54df93d1bcf9e4084b42e001bd211c510c92c8848d44b5a02c0c2c7e2278060c680f18115fcabf49a30a91268caa5c

Download Submit