hxxps://1drv[.]ms/u/s!AgKktVPbdMC_iE0DsUVuj5YonKTF

Analysis

max time kernel
414s
max time network
415s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1drv.ms/u/s!AgKktVPbdMC_iE0DsUVuj5YonKTF

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133452299829860053"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1836	chrome.exe
1836	chrome.exe
212	chrome.exe
212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeRestorePrivilege	4164	7zG.exe
Token: 35	4164	7zG.exe
Token: SeSecurityPrivilege	4164	7zG.exe
Token: SeShutdownPrivilege	1836	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
4164	7zG.exe
1784	firefox.exe
1784	firefox.exe
1784	firefox.exe
1784	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1784	firefox.exe
1784	firefox.exe
1784	firefox.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
4996	OpenWith.exe
1784	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 2068	1836	chrome.exe	83
PID 1836 wrote to memory of 2068	1836	chrome.exe	83
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3964	1836	chrome.exe	85
PID 1836 wrote to memory of 3704	1836	chrome.exe	86
PID 1836 wrote to memory of 3704	1836	chrome.exe	86
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87
PID 1836 wrote to memory of 2772	1836	chrome.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://1drv.ms/u/s!AgKktVPbdMC_iE0DsUVuj5YonKTF
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffae919758,0x7fffae919768,0x7fffae919778
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1844,i,650417738986561066,11844619441980023553,131072 /prefetch:2
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1844,i,650417738986561066,11844619441980023553,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1844,i,650417738986561066,11844619441980023553,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1844,i,650417738986561066,11844619441980023553,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1844,i,650417738986561066,11844619441980023553,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1844,i,650417738986561066,11844619441980023553,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2924 --field-trial-handle=1844,i,650417738986561066,11844619441980023553,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4904 --field-trial-handle=1844,i,650417738986561066,11844619441980023553,131072 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1844,i,650417738986561066,11844619441980023553,131072 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1844,i,650417738986561066,11844619441980023553,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3968 --field-trial-handle=1844,i,650417738986561066,11844619441980023553,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3392

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:868

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\10 NOTIFICACION DEMANDA POR INCUMPLIMIENTO... 6\" -ad -an -ai#7zMap3490:156:7zEvent2884
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4996
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Test\10 NOTIFICACION DEMANDA POR INCUMPLIMIENTO... 6\08 NOTIFICACION DEMANDA POR INCUMPLIMIENTO\Microsoft.VC80.MFCLOC.manifest"
  2⤵
  PID:3392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Test\10 NOTIFICACION DEMANDA POR INCUMPLIMIENTO... 6\08 NOTIFICACION DEMANDA POR INCUMPLIMIENTO\Microsoft.VC80.MFCLOC.manifest"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1784
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1784.0.1096754065\739524087" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88ae621b-e52b-41bd-997f-9b824f715719} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" 1964 1b2d77f7158 gpu
      4⤵
      PID:2280
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1784.1.1346045661\1671951796" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a366c4e6-f24c-4e2c-a619-2abbe8b24e83} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" 2400 1b2cad75858 socket
      4⤵
      Checks processor information in registry
      PID:940
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1784.2.2051604765\494357025" -childID 1 -isForBrowser -prefsHandle 3416 -prefMapHandle 3412 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47c3576c-4ef1-487c-b59a-35283d4bdcb6} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" 3424 1b2db3f7058 tab
      4⤵
      PID:1252
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1784.3.1086027027\2061229310" -childID 2 -isForBrowser -prefsHandle 3024 -prefMapHandle 3160 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29fc7832-8031-45f5-b979-db3b29bade55} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" 2896 1b2dbcc6858 tab
      4⤵
      PID:4760
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1784.4.713012737\703807221" -childID 3 -isForBrowser -prefsHandle 4900 -prefMapHandle 4896 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb1cc067-7f18-41a4-b795-4ac0f843d20d} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" 4908 1b2dd651b58 tab
      4⤵
      PID:4552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1784.5.229151981\202987798" -childID 4 -isForBrowser -prefsHandle 5044 -prefMapHandle 5048 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e19d52aa-1808-47ed-a029-db39edf94238} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" 4924 1b2dd64f458 tab
      4⤵
      PID:1596
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1784.6.1715610549\133169897" -childID 5 -isForBrowser -prefsHandle 5248 -prefMapHandle 5124 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {593a3c49-37d9-47a0-8bfb-ab6d4649b056} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" 5236 1b2dd64ee58 tab
      4⤵
      PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
68f3056a0e77ee62421c659247e2620c

SHA1
4bdbcc94bb87dea5cbf14edfa82f0db8aa2915a1

SHA256
a32ba86d56227d06b8a7110cd8533e2f284933258f13c90d79ee2012c75c00f9

SHA512
33922e60f663329392f89b35c1f37948afa6e491f3eb26432bb7ece2a99edf6bdda82e3ca411b26c73130affd0e3ab7ab6f2484bdcd4439a8ba73263b813bd9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7f6c9fd083006dafab919357aec2394c

SHA1
9ea53357a086f94fe27ff7989f7011f87a6bf1cd

SHA256
e3107e9b5055bdf05e1b66a2991d1cfacd7238a9102955345c366ab388a55bf3

SHA512
4b40665ebf0a1362e247762593bd66d3611506e7e95ed048970ed6cb4fca48079dbed6b347977668fd2b8124b38fce5b8360d9e7213209b7e933ed9bb1074dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
79cf7bf2bfd820799691a3fbe3edcb8f

SHA1
24c924614e5a5d4746bdc9359cc6f4b56936c03f

SHA256
541c119cd38c66067935264f772393ae0f23361cef8547363635d1ba178f6d6b

SHA512
3d90000bfe6719b5f006360d6d8430d3376b7e9dacd699556577cb8541fb9ab293f61a5be53d1550a428db1b23c4637c786e6d1cd1d20d3c9fccb2fe456d6027

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4d08ff5082ceb456de2e5071049504f8

SHA1
21a7a753b34155256e14738f9ef0c29bd08cc1c3

SHA256
a14d366bdd3aeb2f9d628f0172a9f2dc3034eaf9a2ba772728fa7b442d3871ad

SHA512
0781a2bd057959b87af749f9369c7bcec7d5304fe846a73dc3bc05ccc48cb41831ab02888ce22726984ca2c8d4dfad48045b775f7388f6997aea5882fc783041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d3bc75196c98af6e5f3b3e8c40acf321

SHA1
edb0b095fa60b7e05518ae702bc44c4bbc098141

SHA256
a0e99a9201ebf43390a1b55aafa254c63e3c7650362d5c881b09028631b356d0

SHA512
60ac786e2f42ddfb79b2230978b3aa06f4d6e7a49cbefd40a9cb71fbf7460037c639d942410ef8692e9fb6d78bef84603c8518b054fa159c12dd58ccc00407bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7dcf6a7f09e9e4c81dd92d989ab65337

SHA1
5c84d78538683771d3b3c5948158ddeda0b5e75c

SHA256
82279c440effd6140935cad85fe192f33f7caad0230322b37b2bfa6eec65b909

SHA512
6b6c957697966ee74d79c9030df4c160dac1e410dff446b150bd2964099a696dcfaeb928305ceed944d82be9dae46a8e292450a0f7f3ed1e0bdc894b14568180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bcb2d11288b0b81e7b53cc395f1d66f4

SHA1
8701bf2350a6a7a49f58f452efbcac38b9ed8a72

SHA256
6303012739c3528c53d763b16c79199ac74531169ed3f47aa2467c264f7a20b8

SHA512
b163b3c808963ff184fa0a43c50b440bc9ab3ab6dedccc38db5b77e1214153b1dc2acebae42f8f1ea1a8304d60f9c2731437e6cf70cdce91c94cb75dda308a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3d066263612448fd7cc55b55b5a105b3

SHA1
5c01b879d52b5b8b19c57da703a4926db58693a7

SHA256
3d9b20c2d3ec687561dd0538771c7a750e4b488722b3a8ee01052b2ea737b275

SHA512
46c12545d59c70f366f6d1b30cc9199b26452cfa636eb176ab4614888e7a79f8ca6edb3c5c0547777398c1d2d40fa01ed7d380743e912a7dd218cfae31ef5a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6fd93fe4722bffde2774ace12bc008f7

SHA1
bf1c0f124122b797e104c16af4fed1fdbb7557c7

SHA256
c05214d2d79eef60335105d0e49960e59521fecf059d9132a307f1c66be21cbc

SHA512
f198d527df3c72acf6a24689f59a7d4f8f222454df348d52345bee0028089217b9f28d380f628fad4e7edd68eed9e24bcf61342bf0501e33c3389d1e0e904478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
22860a96297ed845b9c74d774c185c41

SHA1
ee516251e6202837ec7c7bd7bc2ae17435e0c915

SHA256
91461b72f5aef3c3fe5456952abb0532997821dfe9c22cc9013529ea8378ae5f

SHA512
06f0e635605007c3f714835d616b0f77bb0e3e03660268c6076ad674f09905e7017c7082aa5a0067e389d28f89fdcfcfcd24b429bfa1d794860b1f545df697de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
a670f933e40fd8bb416d3b15a0e75491

SHA1
9484b7dc77deaeaafdc7b012935bee1b4c398d4a

SHA256
b4a96058bc0538a6d63a10c4e0553fbe16a5caa263d1b357def1c55f9912cf46

SHA512
29396872ad401e56837eb6058b0367502af1e92aa34f1cdee525557767a37c5360818c07eede79965a18af302193df7fd54bbfedf97b7a024dc837a09b75237a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\snaxaw5u.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
15f509ff79ab5d5391249f714e6bedcf

SHA1
04ad9ad4aadb90df102c18a3589ca73649e2901e

SHA256
16af108e3d61ee1448477f33481ccc49df367630198a9499ad3757a73015f385

SHA512
d00df25db619e883876c04e38fafd60a8d3bb332d85be79ab4156877d6e72987acc239a6cc3cf7cc8a029f2417cc24eddbe28b0f97535f3486909407078b5cbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\snaxaw5u.default-release\prefs-1.js

Filesize
6KB

MD5
5d274993d5754f2633049c73c93560ac

SHA1
8f7117f8f0db61601cd30cb9b9b58bf7ec35bb05

SHA256
020631f483f5a28c86e8499356e3fd5d9ae3b5552079075f47130e5750eeda67

SHA512
03729ba0866f1d59016ea3670e09aef93e5f4fff6d8c1363c3a39df01308269f54571520e13e6200cb3dbf3471576cf52de0cbf8c9456834e1accca4a355d22c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\snaxaw5u.default-release\prefs.js

Filesize
6KB

MD5
d55ec40452472b83f5bdeec47648798e

SHA1
b6f5d660664cf7067ef869ea2af2e6978904db84

SHA256
b65fd03306bb476ef43a3f8475bc4d16e06d1f3ac1d664e60fa1dec4f696e1c7

SHA512
da43ec459f376b9f0394966afa243740d946aa85b535bbec83270f4390ba0857566a55b44ee9eb9007707d116b3462a2f518d4d2effbcf584abcd5efeeb34bf7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\snaxaw5u.default-release\sessionstore.jsonlz4

Filesize
998B

MD5
5cc6de2c997b9ac474d54e8a94bef385

SHA1
916694c105181902c455a12f44fd6db5ee45c8b7

SHA256
a2f90b1f28ba52ae2dfdbee551c1ae070902a5bd6a7edd5835223de593370c75

SHA512
f48c294f7512f3e55b6a2059233c199d1039862fce44451af3a26140026c33dc9dd85865448c9bf9730cd0647ba34abff662bb960216f9ffaf60d1c1a8d82c55

Download Submit
C:\Users\Admin\Downloads\10 NOTIFICACION DEMANDA POR INCUMPLIMIENTO... 6.REV

Filesize
1.2MB

MD5
7a34c130f1d9586e4cee6904c0c2784d

SHA1
a546b94001fa4c166adbfee56e5c8b5439d42f97

SHA256
5484d4fd80325f00e3c9a6c884ee45c882bc678e67238481ecc5a67ddb8b04cd

SHA512
743bff0fc8f7284bff797c6b2b263f42ef5d1a668a80b8e2f118effe929ae053fde9a15732c1b74dc7791f8dcd4439dbaa76844433fb90935f98bdc07b62fbb7

Download Submit
C:\Users\Admin\Downloads\10 NOTIFICACION DEMANDA POR INCUMPLIMIENTO... 6.REV.crdownload

Filesize
1.2MB

MD5
7a34c130f1d9586e4cee6904c0c2784d

SHA1
a546b94001fa4c166adbfee56e5c8b5439d42f97

SHA256
5484d4fd80325f00e3c9a6c884ee45c882bc678e67238481ecc5a67ddb8b04cd

SHA512
743bff0fc8f7284bff797c6b2b263f42ef5d1a668a80b8e2f118effe929ae053fde9a15732c1b74dc7791f8dcd4439dbaa76844433fb90935f98bdc07b62fbb7

Download Submit
C:\Users\Admin\Downloads\Test\10 NOTIFICACION DEMANDA POR INCUMPLIMIENTO... 6\08 NOTIFICACION DEMANDA POR INCUMPLIMIENTO\Microsoft.VC80.MFCLOC.manifest

Filesize
1KB

MD5
526c8811d11c65f7ebca8d5f38421188

SHA1
f964cc250e326101f636a6293ecc710761ef7ccf

SHA256
571af1ea18ca3f68c321975e7b1a1146b00dfa9349d5711a30c7cf89045a6a1a

SHA512
42e328781bfff24112d6d9c2a84cf2de95dc9767b8b4dd8b6de099722c236350401e483c2710196dd7092c5b9a03f65a6938dd680e5a2cbbc288a6344f950929

Download Submit