3c1c4232b5f00c3ef88d03bad7d7cb28b6f1511b5ce7e97353863c0e89091a65

Analysis

max time kernel
707s
max time network
690s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
28/02/2024, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

happy.zip
Size

24KB
MD5

0ccabd0fba3d48bcf7d51cb6145e7f8d
SHA1

781d8875ac7ee39b1f04aac091fba71251a48c10
SHA256

3c1c4232b5f00c3ef88d03bad7d7cb28b6f1511b5ce7e97353863c0e89091a65
SHA512

ce90b7c89ff437f8735919703cd413a007ba8a398e09eafc95338ef83dc34fc711d076770b690dd286ad4ccc7ec6dea0b6dee98913b688bccaf489b42ad1a6d0
SSDEEP

384:oUH3lec4UH3leczUH3lecKUH3lecFUH3lecsUH3lecXUH3lec+UH3lecAUH3lec7:ApUTWVQvRxt5hRUaPrC

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\happy.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeDebugPrivilege	2704	firefox.exe
Token: SeDebugPrivilege	2704	firefox.exe
Token: SeDebugPrivilege	2704	firefox.exe
Token: SeDebugPrivilege	2704	firefox.exe
Token: SeDebugPrivilege	2704	firefox.exe
Token: SeDebugPrivilege	2704	firefox.exe
Token: SeRestorePrivilege	6220	7zG.exe
Token: 35	6220	7zG.exe
Token: SeSecurityPrivilege	6220	7zG.exe
Token: SeSecurityPrivilege	6220	7zG.exe
Token: SeDebugPrivilege	2704	firefox.exe
Token: SeDebugPrivilege	2704	firefox.exe
Token: SeDebugPrivilege	2704	firefox.exe
Token: SeDebugPrivilege	2704	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2704	firefox.exe
2704	firefox.exe
2704	firefox.exe
2704	firefox.exe
6220	7zG.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2704	firefox.exe
2704	firefox.exe
2704	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2704	firefox.exe
2704	firefox.exe
2704	firefox.exe
2704	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 2704	3360	firefox.exe	79
PID 3360 wrote to memory of 2704	3360	firefox.exe	79
PID 3360 wrote to memory of 2704	3360	firefox.exe	79
PID 3360 wrote to memory of 2704	3360	firefox.exe	79
PID 3360 wrote to memory of 2704	3360	firefox.exe	79
PID 3360 wrote to memory of 2704	3360	firefox.exe	79
PID 3360 wrote to memory of 2704	3360	firefox.exe	79
PID 3360 wrote to memory of 2704	3360	firefox.exe	79
PID 3360 wrote to memory of 2704	3360	firefox.exe	79
PID 3360 wrote to memory of 2704	3360	firefox.exe	79
PID 3360 wrote to memory of 2704	3360	firefox.exe	79
PID 2704 wrote to memory of 1252	2704	firefox.exe	80
PID 2704 wrote to memory of 1252	2704	firefox.exe	80
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 4616	2704	firefox.exe	81
PID 2704 wrote to memory of 3024	2704	firefox.exe	82
PID 2704 wrote to memory of 3024	2704	firefox.exe	82
PID 2704 wrote to memory of 3024	2704	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\happy.zip
1⤵
PID:2356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.0.1475650334\218369728" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {648fee88-99e4-4883-a507-0020b0839f47} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 1796 180f26d3458 gpu
    3⤵
    PID:1252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.1.1211520556\660289212" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ef88faa-79ab-4256-adcf-a3dda784264a} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 2148 180e7971358 socket
    3⤵
    PID:4616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.2.1554163847\1507055896" -childID 1 -isForBrowser -prefsHandle 2624 -prefMapHandle 2712 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7cdb572-b8ee-4e9a-9e72-aed5e1d25666} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 2868 180f6b94558 tab
    3⤵
    PID:3024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.3.108747386\1126729218" -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4338d99d-5b30-41e0-b457-3cd7739d47c7} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 3552 180f79d0a58 tab
    3⤵
    PID:3516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.4.470007325\1286757925" -childID 3 -isForBrowser -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5d89693-e946-49e4-ba93-00bb7bfcaa9b} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 4152 180f7ffbb58 tab
    3⤵
    PID:3436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.7.1608205460\1884967688" -childID 6 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2fd6f23-143a-41a4-8854-f23f04dae4f7} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 5284 180f9677b58 tab
    3⤵
    PID:2280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.6.1464568509\2003589792" -childID 5 -isForBrowser -prefsHandle 4952 -prefMapHandle 4928 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0189d160-ec76-469b-91eb-3a99077383dd} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 4964 180f9677558 tab
    3⤵
    PID:8
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.5.1579266946\375776178" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 5060 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5312202d-1918-4f1b-9373-94772638211d} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 4876 180e7960d58 tab
    3⤵
    PID:3356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.8.453930901\767887927" -childID 7 -isForBrowser -prefsHandle 5028 -prefMapHandle 5060 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d2173de-4ced-4512-96e3-f894271020ac} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 5680 180f5234d58 tab
    3⤵
    PID:2372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.9.356432103\868327264" -childID 8 -isForBrowser -prefsHandle 9664 -prefMapHandle 9668 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35b892c6-6406-4eb3-b75e-e403f08d9459} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 9652 180fb625558 tab
    3⤵
    PID:1888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.10.1204391045\919367873" -childID 9 -isForBrowser -prefsHandle 9408 -prefMapHandle 9500 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a73f8283-b081-43f0-b5fd-e8c1d0d1a132} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 9404 180f427b158 tab
    3⤵
    PID:5652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.11.1512948619\1169155857" -childID 10 -isForBrowser -prefsHandle 9144 -prefMapHandle 9152 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b28dcf3-0c69-427d-9639-f6b276000924} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 9140 180fcd2bb58 tab
    3⤵
    PID:5812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.12.133438152\2063977216" -childID 11 -isForBrowser -prefsHandle 8860 -prefMapHandle 9268 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34ed53b0-ad63-420f-abe3-53ec0ad424a0} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 9008 180f8e64d58 tab
    3⤵
    PID:5908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.13.1024128167\195708153" -childID 12 -isForBrowser -prefsHandle 8768 -prefMapHandle 8764 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d678702-d800-457b-b19e-fb615e82fd6d} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 8920 180fb036658 tab
    3⤵
    PID:5936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.14.97862198\1449316720" -childID 13 -isForBrowser -prefsHandle 8700 -prefMapHandle 8696 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8533c0bf-2337-4da0-9b29-6bdbeba91637} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 8712 180fcd2dc58 tab
    3⤵
    PID:5968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.16.931982342\719823151" -childID 15 -isForBrowser -prefsHandle 5264 -prefMapHandle 4968 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2abf04d0-250a-4464-af44-ced9e8f418f6} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 5220 180fcdf6f58 tab
    3⤵
    PID:5372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.15.67911149\1977493478" -childID 14 -isForBrowser -prefsHandle 5232 -prefMapHandle 8160 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f07b5310-df22-425a-9f05-1ee375f7ac0f} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 8268 180fc6d0f58 tab
    3⤵
    PID:5356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.17.895991859\240530008" -childID 16 -isForBrowser -prefsHandle 7868 -prefMapHandle 7872 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8596c746-a062-4c3c-be2f-37789583f0d0} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 7992 180fcadd358 tab
    3⤵
    PID:5384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.18.1072653941\1665701882" -childID 17 -isForBrowser -prefsHandle 7888 -prefMapHandle 8004 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92c419a7-8f8c-4296-9b68-2fcd77e35eaf} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 7896 180fd82af58 tab
    3⤵
    PID:5556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.19.61040711\1875680359" -childID 18 -isForBrowser -prefsHandle 4204 -prefMapHandle 3732 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3019aee9-7931-431f-970b-64d79be5fc10} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 4360 180f7ff9a58 tab
    3⤵
    PID:6304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.21.489907099\1108143657" -childID 20 -isForBrowser -prefsHandle 7524 -prefMapHandle 7916 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e3757b1-d76c-4ffb-90df-0c735e23e410} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 7440 180fb622e58 tab
    3⤵
    PID:6320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.20.824500928\1180572049" -childID 19 -isForBrowser -prefsHandle 4272 -prefMapHandle 4288 -prefsLen 26480 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1406276-8d71-4d95-b249-21cc6405434a} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 4248 180f89e6358 tab
    3⤵
    PID:6312

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\happy\" -ad -an -ai#7zMap2469:68:7zEvent25876
1⤵
PID:1728

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\happy\" -ad -an -ai#7zMap23839:68:7zEvent32711
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\23856

Filesize
9KB

MD5
af49060d770ba4ed7e67cc6a78e9fc2c

SHA1
3618a19a7f4d88f1fe9384ad3a3760571c4f7696

SHA256
91fb593888cf3b8756fbd8c08e1fd2cb9989a5313b0ffe207854425915d8c262

SHA512
61a19f82dc01aadaa4ea2a13e1af7ca2d3b3d7f223d3e7fe2512c769d4ec366215c340f028ad0448641fe7fcf499622bd11c3a5b4332a557971f9661cfa032a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\1595EA20FE53E07DE9C1D7F8A5EB7AF73D44565C

Filesize
38KB

MD5
f7ed6424d759f8fc51ffb7ceb14b64e0

SHA1
7c3eae058137987fc38f54a305585dea124d291a

SHA256
523a94c73d0950f14b09403ba31332e8f1aff2dea467d2db1087892030b4dc40

SHA512
ff66776944e43e1808c22e681dd1b93ae52c221d617ba182aca08132cbeca33e7deb870c6b8c65af73ecd0c7be702879f1e98ff5c3d216a5fa22a744ad4f0308

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
132KB

MD5
6a48864d3516a3755613f9ed390ab8b0

SHA1
f5730f9583eeba2975ded6e33037a2edf6f56db8

SHA256
c3ed3840581137887968029d199902df1c661f9d723aa8f3043bc53ee691ff38

SHA512
3ed87aee6d28061f8fe004cf0286fb951c8a9a3b00afd5e70f17a4379f580f5c83e5bcc7115b5c1c4f35b0b428f2d6326893dfca705970d89aa08e33af53b783

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
fb1826978e3fb2da24d8f1ba923d7bf7

SHA1
7edc5982eaa4babe7a9f421e8f20b47d7d9e7916

SHA256
99b338c7ffb1bb9bda75edf7856984c4599601fbc12d7702288ac0db6362459b

SHA512
24a8e5cd0ab507cf67e70d5e18c4c3c590948b7aee293bc6cb15a5a65b7a22a5322b8181f77855147a2f3c8400fc4b34a0f266c11ce70b2c32cefc42401cf595

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\bookmarkbackups\bookmarks-2024-02-28_11_WTiY6uNlicITQNSJ-7VWmg==.jsonlz4

Filesize
952B

MD5
7086f721fccec13467730c8a88b77978

SHA1
2ae33d03910cde94dfd7f74a3755e9cb6724da85

SHA256
b2150be1226b93e122ec5b621348a660d2177adf7c22f9e25f9404190fe8b708

SHA512
9850eadfa3960cc8d306f68163c17a9397dc957fdd60bf0147fcc59b063a51b3eae5c198af063664020ad5fe51541563b90507b92ebb69f181ad523a17a5323d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
5af37370a568a456424c34901432c4fa

SHA1
f201469e49a60c7dfb3b45340bdda337441db979

SHA256
3cae2cfed673b89c17cd3c576fbb5468a427026c4cb81d5e966ee0d265d4a4df

SHA512
9169344cfb475f77b672e74bebfb9f5801abaf18131c5e22bffffacf18d84f2fc331155a4456b7b7797f47ae0af353c4e92d7748b1b7fe20a374fafbe5e91c35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\46345c28-6f57-4fbf-a047-46d1e980c5fe

Filesize
746B

MD5
36f7f04b85db8deeb2180ee7fcda12a6

SHA1
350a0fd5a5785977cba85da5e1ade6a3298dd96b

SHA256
1d8a93a6f85a530ae50ca362b95dca3247223141ee41e7cd9bfca53f8e343f6f

SHA512
07f0ab7cfe359e2fa0274b04de551a9042adb28d2d13df006feef4d3e97a1ea4ab223c9308cb0c40bf67d660faa1525dcfb65f5179f60bd1ba0ac009a7743da4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\e4fc4c70-3cee-4113-9be6-64d3b4a7d86b

Filesize
9KB

MD5
3d793a7d50f039eeb9ef159b00142953

SHA1
17fc881b31859e75da72d3341f1cb7aeb379e050

SHA256
f542d50c8bf151b1c52b02d5426e87efc8a0be0cd429ba53c0a3df5f683879b9

SHA512
3dc53ef56b9684e890edadea05bb27113050ca463114011ec4fb448dd3b144ef68b9a34e7d2be3a88d9b72734bee405a59e961999a4a536e464a1ad0995e98d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

Filesize
6KB

MD5
e909ed6d3489b804bb70b31016e2e771

SHA1
65b6298bc811fa24809d94cfcecb4f4018dd52f5

SHA256
7b49aa8ec0f25a272f14a812fea4970003ce127465f4c54a4ea9905da530cd87

SHA512
d74baba4943e132198293d2e651a642da252dee6850e8ff6f1d4aca40e8b106c80884ab065c5237fb00bcb56b5417cf16a0881921c06f4ae8a265307fd026b9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

Filesize
6KB

MD5
26c7926aaa32353d43f5d016b010b0b3

SHA1
3742fde386b973cf48abf5394b2fc90b8b80675d

SHA256
00aea9107d60a9f1f1e8c01b0476baae7ef2efdc8312579154ae9988b65dd82d

SHA512
e98cd1bb1d808f07242c5e3a9a6a86b37a8bc668944a0b33d7869d571dd34599f91059afe039ee00836ea1fd9647e210512d7fd20b0155ffafd82fa4e0ed1bf6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

Filesize
7KB

MD5
1968d7dea01747119a308bfc73344fcc

SHA1
0e4a016b2c8eb98785abc3445aa2799a66048a94

SHA256
bb3b7eaaa1c9dcca3a02b5a89635e5ec8632be83a3f7bd9034e5a3ef223e45fe

SHA512
1a1d1f3d02f0d22c812dba0aebf4cdda964b09593b74d137b2430507e631e282e0228567172a61baa34f8dcdd7e0858fc26aec316be0e67f8acaaa1cafeb3601

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

Filesize
6KB

MD5
4e43012e6b2a9d3ccfe955c048c4b4f2

SHA1
b832fd677294a11d016ec50fe225ff13928b3bb3

SHA256
d83f37924298291a62210752601020d5c4d5d4e267137a8367a1d3839ef0a103

SHA512
27c397d0c92c21259f34c596d35f9595d7ed4584c2e6b698815ed4ae12edc2486f31c4590a13d2be63c3b3663f7e16ef3ab1eafb6cda597b682ec7ff5b5fe01a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

Filesize
6KB

MD5
be543c81327fda43d5097fe2071c394f

SHA1
802559c57f63dc298c02e0235159d58afc9563ca

SHA256
99524c0fc9c5b4d3b82b231f43bbe99f91f6f4fd47c5b2475abc4660976012ef

SHA512
2a775e67ade1db01b108f41cbfc6b48ebeb03c651b0c4221be502bcb7e38ea6155d89415b2f343d0345035d5c5e6dde4a9caf8eacec22681007075477d15938c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

Filesize
6KB

MD5
291996a35b37a75817ff3f2c3bb15de0

SHA1
243e1bd408b17373a80677bc8eb3974d4f83cae3

SHA256
524ed007de67d4db9bfd4955b0f4e1976f38f8739d0a6fad1c651fd4fb952efd

SHA512
05669e9ea408e9005d4f32376e535072829dccba10a2741473391b3835b8d9d72190ce6c1e78666831ab6dd7089900fb805c522d7c47baad58882c881965b8d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
6815098c8dfd60927fc142252df8b115

SHA1
51a176b652cfef009da67a0b1ac42556ea370a16

SHA256
3784c8a2b38e8d4f6a4de976fff41edc47fc46fa1c6242b8001863aa51fdcfe0

SHA512
ce3264deda63a242b2dab076905c178c728b99f37b35fbe3cb8d0a8e8d04467387fc7307ab700d22470f08b0c11219478901de7f386046506e53a2ce32bd7d7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
a25d6a44378813010a265305f1f5bb69

SHA1
9f4ea1c921b476e90b749eaeee31e66399b1a16e

SHA256
7ac17668b1a0c5886c306a7c2f8cd90c15c175e722e8508ebf8af7512cf08dec

SHA512
f9ee18ddabe622dc68e9d6ebe421eed371e63db713b19c0f33f488abf6e99c519a02ab2cdea158318aa8cd76bfae6515e202c83fc033c0b713349d7d5ac2763b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
30504cc9b90e05daa5e910bcae575013

SHA1
1dc8887b2547b2f619f2b3ca48eebd25f01886f9

SHA256
dd128b4c501e9ed67bc2f3c56ea1d77ff8113724048b1290a00cd8695aa855be

SHA512
20057980c438915c8874dcf04be852e6b4829913a19fab8eff2f6b356a94f340c7afa6905fec5da0a44fe65353aaa232f0393db7a99e50b7ab273119b8a265da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
9f5c4d50c93ab28f33afc345fe546d4f

SHA1
ab7767a5e22b65a41e74735fd38a1d5f422af5d8

SHA256
c2fff586419e69785a2e194dba74560722eea8a28833980a2e04ccf523855935

SHA512
408db904ff3de3d2fa9302110fc4c22df7cf3975e88b220fc62fa04b6d528c5c84cca202c058dfb067b33f905f068709c66711d61e40e66695d18cb9592c10df

Download Submit
C:\Users\Admin\Desktop\happy\Desktop — kopia (4).zip

Filesize
21KB

MD5
9e975d469b0ee3426c8e084949331761

SHA1
45f86b3882aa735004432e2c1dd509c1cff0622b

SHA256
59fc65a226f40b3b0939fe8da2a8267b5412429ac67dffbcca9c728bc79c6873

SHA512
45933120ac443d8d5ac03372f0efdc7b78dd4a94482ca92eb14271222c02be2ff8d25da8f55d1137f3df201a5d094b57127489db778f1ad741b44825aa88ebe5

Download Submit
C:\Users\Admin\Downloads\PonLGcL1.zip.part

Filesize
24KB

MD5
0ccabd0fba3d48bcf7d51cb6145e7f8d

SHA1
781d8875ac7ee39b1f04aac091fba71251a48c10

SHA256
3c1c4232b5f00c3ef88d03bad7d7cb28b6f1511b5ce7e97353863c0e89091a65

SHA512
ce90b7c89ff437f8735919703cd413a007ba8a398e09eafc95338ef83dc34fc711d076770b690dd286ad4ccc7ec6dea0b6dee98913b688bccaf489b42ad1a6d0

Download Submit