Analysis
-
max time kernel
70s -
max time network
69s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
13/02/2024, 15:23
General
-
Target
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/addz6q6bz6tk3vsstidrivmno3xq_8543/hfnkpimlhhgieaddgfemjhofmfblmnib_8543_all_acqfgv64tayldgynuci62usitjzq.crx3
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 13 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 14 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 51 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/addz6q6bz6tk3vsstidrivmno3xq_8543/hfnkpimlhhgieaddgfemjhofmfblmnib_8543_all_acqfgv64tayldgynuci62usitjzq.crx31⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf4a946f8,0x7ffaf4a94708,0x7ffaf4a947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3532 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18083991278171579919,7356012673191181475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\hfnkpimlhhgieaddgfemjhofmfblmnib_8543_all_acqfgv64tayldgynuci62usitjzq.crx32⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaf4709758,0x7ffaf4709768,0x7ffaf47097782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1936,i,6421240210153053001,817365263297556917,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1936,i,6421240210153053001,817365263297556917,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1936,i,6421240210153053001,817365263297556917,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1936,i,6421240210153053001,817365263297556917,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1936,i,6421240210153053001,817365263297556917,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1936,i,6421240210153053001,817365263297556917,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1936,i,6421240210153053001,817365263297556917,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1936,i,6421240210153053001,817365263297556917,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5352 --field-trial-handle=1936,i,6421240210153053001,817365263297556917,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level2⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff612c17688,0x7ff612c17698,0x7ff612c176a83⤵
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5348 --field-trial-handle=1936,i,6421240210153053001,817365263297556917,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1936,i,6421240210153053001,817365263297556917,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\hfnkpimlhhgieaddgfemjhofmfblmnib_8543_all_acqfgv64tayldgynuci62usitjzq (1).crx3"2⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\hfnkpimlhhgieaddgfemjhofmfblmnib_8543_all_acqfgv64tayldgynuci62usitjzq (1).crx3"3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.0.116655587\107917047" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4b1136e-b399-4024-978c-e5e0533d9bb3} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 1928 14c7feecb58 gpu4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.1.2144090638\239229601" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f76499c-7dad-434a-9d71-85c4cf162bb9} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 2400 14c0a5c5158 socket4⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.2.137514320\1022334096" -childID 1 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {874e4c45-8b18-41e5-bc2f-b2b032c15c9a} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 3100 14c0ccdcb58 tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.3.282011474\1252623539" -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 3320 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56499623-5921-463d-9a8f-0313023d6409} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 3592 14c0dfcb558 tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.6.1960564140\1671364568" -childID 5 -isForBrowser -prefsHandle 5404 -prefMapHandle 5408 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {725e321f-af5a-44cb-8e6e-6a05b1240009} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 5396 14c0f9ee558 tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.5.1966140296\1275777150" -childID 4 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36be30c8-9f88-44f9-8fe8-ba23f1b6c2a0} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 5204 14c0f9edf58 tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.4.377179174\1324310644" -childID 3 -isForBrowser -prefsHandle 5048 -prefMapHandle 5060 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d34aaed-8045-48da-b65c-d099655fccd6} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 5056 14c0f750e58 tab4⤵
-
-
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\hfnkpimlhhgieaddgfemjhofmfblmnib_8543_all_acqfgv64tayldgynuci62usitjzq (1)(1).crx3"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\hfnkpimlhhgieaddgfemjhofmfblmnib_8543_all_acqfgv64tayldgynuci62usitjzq (1)(1).crx3"2⤵
- Checks processor information in registry
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
239KB
MD502f46e2feddd9406dd22de59ff37e0c5
SHA1bbc6db2d3ec5a7453b8f92b52841e746896de61b
SHA25659008a9bf92eb7c7bfdc9c51865ed61d8d2adf4f7190b7afe99641956ba5c1f3
SHA51220f876b0f965c93601ef7188d39b01ee305e8dadced1104b9399567391930098c5c423fce57624d88cdaae03ae2d27bd3d10519d582a75607c443e6c1e7552a0
-
Filesize
371B
MD5eb3493a3fd4df961724ca3b66c7205df
SHA1207883dc2281c641a111087f4a5e95d1fcf42b82
SHA25683b76416fe84a540ad057519364980b91cd6d72f85b494e4d71457811d95c8b5
SHA512a0dcaee433d5925355bab70f15bc50cf8691d95c34a9fd5d60d38077d296ca741c73d02545b7fe434342b2756e5f4a1140229c9754b95b3301ec1e6d02d39c2e
-
Filesize
6KB
MD55eecc60c3b0a0095c2f68dc3da7ce004
SHA1763f7d8c08feb4f2f5db7ae96110505c2ddb3f5a
SHA256f856ed594252652114966658b50f0e88f868131bccf83a48dc1b08b2be9e1192
SHA51265a3bb8f39e96e510261f75ba64b59b3eb8d4edab8ad3b84ff5c857d9aa1a702913ffefdcb8409414f305739c08b7af6cd0e5f40111ed62d37146051a39b427b
-
Filesize
6KB
MD5e60d77ad7d442b1a34ca7f2d5ea9100e
SHA1b353fc8150eabd5021025f180d7e2bea24cd94f4
SHA256f26b6ad32cbaa003e38a6d336f5d56e508146cc3acbb828274e9f6c015772e11
SHA512c6010142ec9aced3e502ab98d38cf515e9d94242ba4684541d916594f9ee51275ffb25dc36314db156ca5d8926f61c99372f8e19fd3196a9d5da423b94518053
-
Filesize
15KB
MD5438225f7e70d0fc642966059bfdf9157
SHA11ccb091b49600be54c08385478ae5ff763ae8361
SHA256b6af054f40e935812634365b1fd899c352777c56f60eafe2adb87c6a7fbeacd4
SHA512660feebb1bd05fa722b824519e27ecacdfae8c652486de9c7077be2f3678042b0405d785f38e2e4cf42fa0cf43ffb0686fd6ee39af6c461f53c73d9ba96b9f77
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
152B
MD51386433ecc349475d39fb1e4f9e149a0
SHA1f04f71ac77cb30f1d04fd16d42852322a8b2680f
SHA256a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc
SHA512fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e
-
Filesize
180B
MD500a455d9d155394bfb4b52258c97c5e5
SHA12761d0c955353e1982a588a3df78f2744cfaa9df
SHA25645a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed
SHA5129553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f
-
Filesize
5KB
MD5d0ac177172053c92554f90089d98d83f
SHA165e1a3055b11c356a3813b7ecab57ec301f311c6
SHA2567e5045f9884520307403cbf8a0563501e60942eb5f79212b8991920a3d3705df
SHA512ba5bb32458111d4742c670c747fc2a266ee508469cb260ad4e8561c367780454cc8e731a011b813ed7d868e09476ef987f351e35e8bb901eee0d507679eaddb5
-
Filesize
5KB
MD5e668e8b56445408b861e6063cd0ba7e3
SHA18a32039edef5798e5d81fe4612f86c9a1c2607fd
SHA25624714e83901022f404f3a0386c260bc10988035e1ff8c81c9bf9388c6bff9cb0
SHA5126236f2121d7d632b425a5fa1b2b5627d1322c8787437a3b28a38b1ce560c8eda24b1dacc1cf938011cc6118999eb475bf038ff65085d2f7fe0102cdf933b31a6
-
Filesize
6KB
MD52e7e6f4034a948731b78ad217589de40
SHA11bb5018384786ca838eb37499258db36a9448f30
SHA25673469a9dcc5d1c325e2f602778d12f935f002cfeb5a3355a15089f2fe0139f19
SHA512534d031f468036f238a3f50bc982011c6d11c22083c6ec340b655d36e93d7363a290e39b8ccdd3f8df831acf2b48cd71a65e3f990f118f5c954c4a130adb7595
-
Filesize
24KB
MD5e664066e3aa135f185ed1c194b9fa1f8
SHA1358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5
SHA25686e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617
SHA51258710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD54b7a12d908fa0a5c156d171960e4fd13
SHA1706e878d3bd62fec91ac3812046ade79070bcacc
SHA2566fc446e6558cd7f3af07cc003b58125a18537bce93e78d6d44f400ca43f514bc
SHA512cebf646ad9f36caf739edb1fefc5db63fd2c28d29426afbb0ffe556010031f97022c7b9f29f04e2ec01a141efda604f5cc6d0b7799d2000fef252e940d3f3338
-
Filesize
10KB
MD5a0b7cc6c40b05edbb656b6eb18a358db
SHA17f3e07763da47dd4e1d3d5e49a8084f6ed30641a
SHA256ca13e80a5c3a4ba183d1a20018bc46475a50bf4283064c08934861c241e9b26e
SHA512eb924b7ea98a6ce9366b7ad045e634b1727323b285322eea9220398d2064d946a483e2c60acc3749b1362745a39dc59884420641d9dbec7f18b814686a670d13
-
Filesize
10KB
MD524d4d102b2a7c23f0ab47d129335793b
SHA1c4052c9fbdc0ef1b2d2ef2207b065fa06cbc37bf
SHA256bdd6b06eecf97e7354208057772af2e5162f15b71e09fabbb0bceee693ffc5b2
SHA5126dc23a2e008e1294575581edf9babbbd73403a3be8d12adc8f3064b2d28fb36db661308f3a69dbbf59cd93aa5c78dfd6127db39506832e7f61d950667449c773
-
Filesize
2KB
MD56c413a27934a1a46139159cde7861a48
SHA1de496bfa4ee76df16c1c7beef009cf9352361816
SHA2564154470a362802566c49da144002109c660d316874385829e4188951945b90e0
SHA512139844bf88b90768f64f34c7bd6fe5620e95e338654ff556f95da11a33fb2ec3818da564455396d16c912bac4a40206428205c549fcb540f9f57bf6d32bb5bcf
-
Filesize
746B
MD5e5d0af324f0e3bd97f8619005218f685
SHA187c2562b34f2b6167b72d01abb455060dc994b0f
SHA25631f91608c93d21f26abcaf784b6d9973e3e29335f6aa941553fa0345f4c96885
SHA51263e41ed3d31f8392e0e5129514cb547e4fb94ee2840cbb68f8fe1f7c6f7e30adc70cbfacfa9b4bc76f319b87f62c3bd73e8352565b2511ada5510ce39a33e4a3
-
Filesize
11KB
MD5b01b843c39ed30b06b2940602015c16a
SHA138c8a5c9c23f53cc0b20c3770337f727ba748727
SHA2561fa08205da222dde5819fb78bbb64bc1a1ffeb708699e21491657e2a7594e4cf
SHA512c76c163cbdcdadb0fba9c2cf81763ba6ce200aa1ff2756b8b39f8823d3d2382dc776e3eebb02099a564ecb0da809106503a413c57a2f0aa9fb8516d209b6e35c
-
Filesize
6KB
MD54fdfe23fdbc10932bf84b5cc08163aa4
SHA189210d4d2acbc7d13ce5d402fcc83bee6eae333b
SHA2568a11517f2e1cda8b4ce0b524c1a25e51173dad21c835eebff4b0ec8744760443
SHA512bceb4b7e5520a41f4c60550b392aa54248e987ce66649857a9d3b5f9121ffdc0438f8a6c39773856bde3bff9c44a41f0d532a68d42986a2ec62a92b2ae099f3f
-
Filesize
6KB
MD54a8d3d0b0b6c46a8b3ae8b68a210f708
SHA1201f113d218add5855183aba124e94680ab8eb9f
SHA256621f8d29b9f90a873486224de12afcf6feab418568417a16aba50c6b43b28462
SHA512d894ee6ea147b612a248d364283dfe0be3e2a4bac051a60bba7c9059f64078cb119dea32bac98a9ddd4087fa04a752f149614af7757a059e7900564a826e2b49
-
Filesize
1KB
MD5b176b6691cea5750403a22c4457001dd
SHA1e3b96c5419d2b3ffa08d83cd38739095882069dd
SHA256865b24baa19e0e59764089ff3f4d6c89192548ec8f7276fb358db5c54aee527b
SHA512c9e2d86f5969c3b34c6f1527489880caf87b3f71184abb618ad139546f021bc7ce54ac5e3cdafa65b5b1d4acf1a3ba6833936779247df3e3b5f562bbf28bfc6e
-
Filesize
802B
MD5a866aa0651762b299a3e2e898d8c77c5
SHA12138e64b8818f8e25b9897fdd405068533458a55
SHA256b944f8a0381160a9ad79beab53298d71ce84b02ead1fc58701f2fe477de97708
SHA512156378c00dda92e35cac917be0acf219227b034c13dac6400734c06c50c0e3f792e0c60e2b4af56bae9cb2fc777be662e0ae43be8d9e2f05e70853b546793607
-
Filesize
184KB
MD5b4e248b8f969358a7bfa32c68bda5789
SHA1201120599bc3a747d419adc989473b524b7bc56c
SHA25653bba6be73ce1c9b4ae9b1810a5225aaa7dfa9abd0ac1eb3e9b9bff37b266443
SHA512bd21e656c602c09e140eb153225054a947e3b446927d8bbe0720e2e6cfeff0b237e0a5deea5d575ee170479e0b8472799f19c553cf3955982123e32cca006c35
-
Filesize
26KB
MD572b0cb91faed99d8b8a2d018e4b69b25
SHA1e194ebfb3d4ccf9f684840d62a2501fb079b9f73
SHA2567e6efee983c441b44398921309c4d4c0c799f52d79b07c670778fbc8c61eb7f3
SHA5125272798e8ded181c0e56c53e2a8070e70f9c6f423642967eb5f866c07986a6c8db67013950674f42ca78c2fa081edac829c86c261687ae3b3d6bff76ecb73bf8