hxxp://edgedl[.]me[.]gvt1[.]com/edgedl/release2/chrome/ac3jvtnqjeymtphmax4jaju64coq_121[.]0[.]6167[.]185/121[.]0[.]6167[.]185_121[.]0[.]6167[.]161_chrome_updater[.]exe

Resubmissions

18/02/2024, 05:51

240218-gj64yafa75 7

18/02/2024, 05:49

240218-gjh24sfa68 1

18/02/2024, 05:45

240218-gf7lasfa35 7

Analysis

max time kernel
47s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/02/2024, 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://edgedl.me.gvt1.com/edgedl/release2/chrome/ac3jvtnqjeymtphmax4jaju64coq_121.0.6167.185/121.0.6167.185_121.0.6167.161_chrome_updater.exe

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 124289.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
2252	msedge.exe
2252	msedge.exe
1488	identity_helper.exe
1488	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3348	firefox.exe
Token: SeDebugPrivilege	3348	firefox.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
3348	firefox.exe
3348	firefox.exe
3348	firefox.exe
3348	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
3348	firefox.exe
3348	firefox.exe
3348	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3348	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 624	2252	msedge.exe	60
PID 2252 wrote to memory of 624	2252	msedge.exe	60
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 4356	2252	msedge.exe	87
PID 2252 wrote to memory of 920	2252	msedge.exe	88
PID 2252 wrote to memory of 920	2252	msedge.exe	88
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89
PID 2252 wrote to memory of 4224	2252	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://edgedl.me.gvt1.com/edgedl/release2/chrome/ac3jvtnqjeymtphmax4jaju64coq_121.0.6167.185/121.0.6167.185_121.0.6167.161_chrome_updater.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7a8046f8,0x7ffc7a804708,0x7ffc7a804718
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4669081885369349202,15747367862683147401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:5252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3864
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.0.2005588674\1867957084" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d67cc0a-a301-497e-b413-cdb06d1c1256} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 1944 1e8595e8258 gpu
    3⤵
    PID:3540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.1.1926570774\1292007432" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8fcae2b-565c-4d7d-b38a-20df5a736878} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 2344 1e8594fba58 socket
    3⤵
    PID:2544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.2.45352525\1361078918" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2972 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f56eae9-4b3c-40c8-b87a-7c1a026f274b} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 3064 1e85d6adb58 tab
    3⤵
    PID:3436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.3.1466469740\841975550" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55f181b1-c28e-4710-abdb-84fd9b709897} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 3576 1e84596c458 tab
    3⤵
    PID:3864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.4.228513634\1689738908" -childID 3 -isForBrowser -prefsHandle 4372 -prefMapHandle 4368 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2491417a-21ec-4ea9-b863-cfbe971677cf} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 4384 1e85e5e5858 tab
    3⤵
    PID:5212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.7.2066640378\314774887" -childID 6 -isForBrowser -prefsHandle 5336 -prefMapHandle 5340 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74575073-a8e3-4d38-8f4c-46d5f0a1c262} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 5328 1e85c163858 tab
    3⤵
    PID:5788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.6.256693987\1437483716" -childID 5 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e728975-1d54-42c5-a3f3-720afb31940a} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 5116 1e85c163558 tab
    3⤵
    PID:5780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.5.1529016842\4922791" -childID 4 -isForBrowser -prefsHandle 4884 -prefMapHandle 4976 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f4d2cc1-c877-4cbe-8db9-6eceb8de2889} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 4952 1e85c163b58 tab
    3⤵
    PID:5772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1c3ee7af-38b0-49fa-bd63-753cac322689.tmp

Filesize
24KB

MD5
6db2d2ceb22a030bd1caa72b32cfbf98

SHA1
fe50f35e60f88624a28b93b8a76be1377957618b

SHA256
7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4

SHA512
d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8c9bfb67402b2d0bbabf7400c8de573e

SHA1
66b66e5852564cfcefb925c5943cc8ad2a7bfd2d

SHA256
7220946f1c26289abb5b6d3db5cbe8dd95c8361a2c820eec7861b774c064977b

SHA512
1467bcd76b15b8038d778c38d849970e937f1e0dfbc1a90fa28308741d3ffb7da167b13ace660bb993bf9bb361abf6276a6adba4d8c6002738b0d59d913a3734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
586a97a5d3b11633e42ee2fb5d4c2325

SHA1
84aafaf55e32af603014605676965b14df228d66

SHA256
89a6e546c696b0b9411badd7b9aa62f4d0da6ebf793355ea39685e1e62649ace

SHA512
cbde332d32ea8557b1a1c42f853a3968aa5fe63383cfb1b96dd8cc713f6cd8df960823df806610ccfc084d0f933350743eeff619ca40c654367dd16f36b4761c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0c66250a1e6e3b125695d17441eeae9e

SHA1
f7d8e0b962ef7d25dc423c99bd96ab017cf20a43

SHA256
18720ce19d4913d386735372a6d763afca0c7e1e06682f31d2386684b775cf60

SHA512
e6d7c5bf0afb4b7c4a001a1d9be51a63ff874eae98f07ebc8a6cd8eef8214d83f6de070c460d4aece417c2d43711544f485339c48caa06a929c4dc7ee0f3a3ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
589ecbf749e1352db1c9d45533252e17

SHA1
83fde7025ac8d28c3183c72339270500f0b29099

SHA256
aa81b9ffe6ce183fe6c2d1f86fcc6dc6e09b2880a065c06bce1e33f93d386621

SHA512
b0417c568031077cce2d5420bafe071631f78e0e347b8fe9ca3c04625b9115ef823bb4dde14c5e907a1e23c0532dd60f4fdcb725469522cfcb9861e94ba42643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1dd8076399c97e2d5b7ddf40fa2363ce

SHA1
66eb37063e1e569ceaa1b9f52b531d178649edb0

SHA256
35552b7be4426b087a933f23ef9afe4dc147b136862a9b7649d0dc3e15e45fc7

SHA512
e8201c0cb343681b39f63e50a853df4bb999b22d2fc7bd055dcee62c04d4571669d0b828685038079e2afbdaf3e37732d4a12306187a6334302a7aa1556dee12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
73684bc7a4a4fb4f85c3e52d942ebbbe

SHA1
810ea4648c599b299412e0432fa576bf33ecde71

SHA256
b189cd1b0b95ee6ba6a5b09e0bf0716e0c9835f6c80f32fa1943e98aad3f1c00

SHA512
bfb3832a187e903f48ef6449b7e8d1cf2690272733b926606b9a3a8eb8d7932f3424cbf99682cfb5d0368e67dd845a137aa99668473d83156fd5e3104cabc8ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
54f154535697363cee21f198b8a32e40

SHA1
369c04dbf3e278478d738dbf23e858d716ecfe88

SHA256
4c6acd19669bddef06a1510bae7997acda88aa83f34573f0e8c68edfe8ef4e93

SHA512
59652cd908a256ee3144883bb52a2632bc48f3ffd9c33d8ec4e44f75eae3e91ff8f2694a12180e5240145c300abb62e96b012f28d6876120a46c4bdd70097aab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\pending_pings\086503cc-f4ee-447d-9fc2-f65297c825ea

Filesize
11KB

MD5
9fbacf48df87364c9d5f13ae9a9f3385

SHA1
f7d4c5cf6684d22415d6a15afe06131c342685b7

SHA256
0305c7255977072720b367b529344f6f3870241e9daa4b247485f72cb9949439

SHA512
69bb3930e411943a78a6d47c5c390983373b9b842498cd1153aa9d6c700bb95f296c4c6658c1ac6910ee80c174fdcf3bda40fd1a7bedcd01a502f05038606a10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\pending_pings\dd430381-3e65-416f-ade8-0130577db6f9

Filesize
746B

MD5
ef6d27629177a8882b1ec53165f03e41

SHA1
a4123badc82d5ba9de76b73c6f9ba3806b6de06d

SHA256
2a25d6525c17a8ea913f1a431b20a45906dd3d6083a370d59848d32565c8b993

SHA512
f86e47a51afd10db948267df685adf2a32f4ae5db79ea3b7e1a7e6ccc1b47e7d1ce50f03175cb791cd76a6136aea9d3620b7ad4aedcee24f143e4c6b44c47f4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs.js

Filesize
6KB

MD5
0c642ae86ccd9cca857d0e69256dccd6

SHA1
96309d7f0b6abf0ced280c469a88bf4191202965

SHA256
5a1e8c3f332359daf36c6a6377ee46c7265679b436da9bcb04d51b3d2dd22ef6

SHA512
0d4bad2050ca94f8fdeb131675581d433f7bf59a244b506acfd148c91d2e50b5cd8c935da2b6bd0e97d4f92303bb58015029be44ccb2cfe87c9850418b0ad681

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 124289.crdownload

Filesize
3.1MB

MD5
81ce2fd4be6f87b47f55d94c99efc2ca

SHA1
8cc2023e496e70d85c393828e8ab7f6e7dda8571

SHA256
7c6bb2bb76e0d3feea2e821cf3a43ceb9bf120cf34e590e0eaa91400acbf3e2f

SHA512
a4c83342174b1b7355dc5ca1ecaf686edd84f28adab71c428b0f61d4a66164fee6b1adbeaa0c5100c44f89763d3c331225b2dca053033aee7f1a5221bf4b77a5

Download Submit