012d3c985d34a1a75212f1476adf291a934edd0320a736bf290ee6c3a908d505

Analysis

max time kernel
156s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

software.html
Size

5KB
MD5

33327d7d2e4b6f8830cb52a6dc942aa3
SHA1

deb55250eada52c0b85fe2707f41f6385213c1be
SHA256

012d3c985d34a1a75212f1476adf291a934edd0320a736bf290ee6c3a908d505
SHA512

3519556aa2db51381c06e11021c4c179d4544a99f7d4ab18d22b8611b663c4a1e6ee3e8ba8f7fbd49d06da421c5f5be2fa2cc1921f961376f230c942cbb8d988
SSDEEP

96:1j9jwIjYj5jDK/D5DMF+C8LuZqXKHvpIkdNBrRB9PaQxJb3zq0yTMQr+Cw:1j9jhjYj9K/Vo+nbaHvFdNBrv9ieJ3z5

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
4076	msedge.exe
4076	msedge.exe
2380	identity_helper.exe
2380	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3920	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2528	firefox.exe
Token: SeDebugPrivilege	2528	firefox.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
2528	firefox.exe
2528	firefox.exe
2528	firefox.exe
2528	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
2528	firefox.exe
2528	firefox.exe
2528	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3920	OpenWith.exe
2528	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 2500	4076	msedge.exe	84
PID 4076 wrote to memory of 2500	4076	msedge.exe	84
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 3000	4076	msedge.exe	85
PID 4076 wrote to memory of 1484	4076	msedge.exe	86
PID 4076 wrote to memory of 1484	4076	msedge.exe	86
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87
PID 4076 wrote to memory of 1420	4076	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\software.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7e6746f8,0x7ffb7e674708,0x7ffb7e674718
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3749764502448536092,11430605572337913886,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,3749764502448536092,11430605572337913886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,3749764502448536092,11430605572337913886,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3749764502448536092,11430605572337913886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3749764502448536092,11430605572337913886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3749764502448536092,11430605572337913886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3749764502448536092,11430605572337913886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3749764502448536092,11430605572337913886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3749764502448536092,11430605572337913886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3749764502448536092,11430605572337913886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3749764502448536092,11430605572337913886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:1384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2216

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4944
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.0.95057764\875719879" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a49452d-8028-425d-8d4c-0344db4ba6c4} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 1968 1a1d13e0258 gpu
    3⤵
    PID:2988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.1.1394724087\608097066" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56763bf3-64a2-475e-9564-9c1753860251} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 2364 1a1d0f33e58 socket
    3⤵
    PID:3484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.2.1716452737\217088638" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 3168 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2edccafd-702e-46a1-98ee-da466c4a8323} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 3204 1a1d54a9a58 tab
    3⤵
    PID:3104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.3.149192831\2123271513" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 1100 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc24c36e-5ba5-44ab-a72d-3adf1ea61aed} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 3624 1a1d3e59258 tab
    3⤵
    PID:2844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.4.704387685\1676415208" -childID 3 -isForBrowser -prefsHandle 3980 -prefMapHandle 4088 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f36770b6-98a0-4f92-a06c-e7bfe5be7f2e} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 4104 1a1d6cc7858 tab
    3⤵
    PID:5048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.6.612308498\955490822" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5012 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a33fc5d-ab62-4c24-8802-109aefef6c57} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 5044 1a1d7a12358 tab
    3⤵
    PID:1836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.5.670042265\1872599374" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5deb7838-bc96-4523-a8f2-86cbfde42dcb} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 4984 1a1d7a12058 tab
    3⤵
    PID:2620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.7.1269279623\2002344031" -childID 6 -isForBrowser -prefsHandle 5288 -prefMapHandle 5284 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {209964ae-7552-41d0-a35c-a70255655659} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 5464 1a1d5a94658 tab
    3⤵
    PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20c6a88a46723c46313089fa10e28a71

SHA1
427c48b10d3dcf375a3fdf1b8240ef28ad818128

SHA256
f713d3e732522bfe58fe9ca408b28fecccfc244ffc59240697ce9e3b1159f024

SHA512
a34b3606a4ab7502f3afa9ffba265eb380b65ccc430b7b9480a341a7f546021bd53b69add4fb7df3407003517e01711133d68f86795775093c288f7849f3b2fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2a24caa362cd71e074916a1dd28fb16

SHA1
43082862b8d2e4acccc43408ddd8902dc45794d6

SHA256
82872baad08e123b06328c845e50fb7d1fa3eec620bda742f51b9cdbe75b60cd

SHA512
6455d61c6ab56fa214e037da51ee425aa0fb44d6d198e0ccdde9aaadc8566e8e3bcaa6894caf440d92884ef31400c607948246e20c74097e957eadba762f327f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3461111185b57237719867867999e268

SHA1
6056baf72d8ffdd8e62bf00d6ed48dc696cef0ee

SHA256
d71983a29d86e2cb9b87e908f8c436d493984e7427aee63a3a517f2ce8f8ec50

SHA512
29459e2fd8a5ae5e35ca3106c4822e312918ee2b8ebfeb91a54acbd2b3ad666ff12ed39b1e6d8ea1ede83a97567c5641e87fd280cefb433ef3e02205e0708ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
acf0a8cb661d3e86649f0209a5819601

SHA1
e39d7ccde339cc78053575511904f4713141333d

SHA256
5dc42c013b11f885953b1b0e17dccfd9c8a13774297bfe12838ef3ea18d3c2b8

SHA512
cfee98c60395f1f0e25bca0a911c4302009f9fe9046585acea7190de3a1ff8bc08c35e7a0f8dddf4cd1affb32a822b575dc4d5d0ca53f0b8d4fb82b5d14cbb57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0c8631516e17dc1364301ab38262e566

SHA1
847773d8c9ef325fc6dfb5af970ed812ed4a8b40

SHA256
10c8f2d9e24f7398bc934f83338925f36f24c4a4c9d7361ab8912b80d4fff027

SHA512
406a05373c1460f07861eebfacebfd2bdf3a9e15ec773c6062ff683412be6c0868839e3c6410f895cc02729e862a9a06bdbaeec126d58f5e8892410b6b8ac670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b472c284bacf0e3b1c2c034d856b9105

SHA1
b32c5e0e2552cffab25df45eb271b2a63f15f04b

SHA256
6f18e222cbeb043e667841c5262b419c0db835b3cafdbf7848d48bd86a871c0b

SHA512
b92e79f12930519d9e546fb901b5d35032ba01457904584a8a1fdef42bca2888f086753c2f162eea305d029a0bdfe93bb6e22f83b059698cafb79e1b05a0fa22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
decc8aeea30cb3c70ed658ffd21f1824

SHA1
452b280ad5a35a4a4376fa12b50ab1cdac605d41

SHA256
f957c6c1e355bab9290bb9c9bd3325dbd1629c6c395004307494d65bd5656cbe

SHA512
5795ba71dce238631d0d5e36ebd21fe2e54360388db68ac5f6c0da9da1a1ed6764e246621783e68bd6f92fd571d3d69f140e0a1c5ff1f077b08581700168c376

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\pending_pings\19250fe8-04db-47bc-a5f3-a8054ed21093

Filesize
746B

MD5
5330266ad70f07a0ef96fe7f00f4d446

SHA1
275636c073ddb2b0c3f25ad38147b66c03d71ec5

SHA256
d4db06df760504a235a1a76d27dd8c01078ed8c9950cd0e486eabc920733d7cb

SHA512
9fc4c99ad7ff7bbac976c07e2f24ca2659d8ae48f85f55d9da1fb6a064d7326f22b46f6a908c8388451685939760e054329d16d5ab7b1df0fb488e1bd109cc26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\pending_pings\85381adc-076f-454e-8b22-cc123f5e8af3

Filesize
10KB

MD5
11049042a95b512a92949284f266de51

SHA1
12b038383382a98a2883458a4eb53c3021b0734d

SHA256
f9240fbb33379eb5f46e41d66497dd80a82930693a1790ebfeef0755070572cb

SHA512
4264f6d9c48a6bcdcb5657f113c6183b953dd3d83b67d2ee7ab8812139fa06aa9562ec6c1eabf92b9d1a1d3e41a0ac4e800be6feaff70a245e0a7bc1517f61c1

Download Submit