hxxps://steamcommujity[.]com/10347289969038

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2024 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommujity.com/10347289969038

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133538510799540215"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4012 chrome.exe
4012 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4012 chrome.exe
4012 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

pid	process
4012	chrome.exe
4012	chrome.exe

pid	process
4012	chrome.exe
4012	chrome.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

Processes:

chrome.exefirefox.exe

description	pid	process
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeDebugPrivilege	2124	firefox.exe
Token: SeDebugPrivilege	2124	firefox.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

firefox.exechrome.exe

pid	process
2124	firefox.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
4012	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

firefox.exechrome.exe

pid	process
2124	firefox.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
2124	firefox.exe
2124	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

2124 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exefirefox.exefirefox.exe

description	pid	process	target process
PID 4012 wrote to memory of 2152	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 2152	4012	chrome.exe	chrome.exe
PID 3540 wrote to memory of 2124	3540	firefox.exe	firefox.exe
PID 3540 wrote to memory of 2124	3540	firefox.exe	firefox.exe
PID 3540 wrote to memory of 2124	3540	firefox.exe	firefox.exe
PID 3540 wrote to memory of 2124	3540	firefox.exe	firefox.exe
PID 3540 wrote to memory of 2124	3540	firefox.exe	firefox.exe
PID 3540 wrote to memory of 2124	3540	firefox.exe	firefox.exe
PID 3540 wrote to memory of 2124	3540	firefox.exe	firefox.exe
PID 3540 wrote to memory of 2124	3540	firefox.exe	firefox.exe
PID 3540 wrote to memory of 2124	3540	firefox.exe	firefox.exe
PID 3540 wrote to memory of 2124	3540	firefox.exe	firefox.exe
PID 3540 wrote to memory of 2124	3540	firefox.exe	firefox.exe
PID 2124 wrote to memory of 1480	2124	firefox.exe	firefox.exe
PID 2124 wrote to memory of 1480	2124	firefox.exe	firefox.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 512	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 1392	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 1392	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 2716	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 2716	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 2716	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 2716	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 2716	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 2716	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 2716	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 2716	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 2716	4012	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcommujity.com/10347289969038
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd77629758,0x7ffd77629768,0x7ffd77629778
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1888,i,2348366987265261514,10357885378536913555,131072 /prefetch:2
2⤵
PID:512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1888,i,2348366987265261514,10357885378536913555,131072 /prefetch:8
2⤵
PID:1392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1888,i,2348366987265261514,10357885378536913555,131072 /prefetch:8
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1888,i,2348366987265261514,10357885378536913555,131072 /prefetch:1
2⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1888,i,2348366987265261514,10357885378536913555,131072 /prefetch:1
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1888,i,2348366987265261514,10357885378536913555,131072 /prefetch:8
2⤵
PID:6000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1888,i,2348366987265261514,10357885378536913555,131072 /prefetch:8
2⤵
PID:5152

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.0.1554667227\204782857" -parentBuildID 20221007134813 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7c8cfb0-65cd-43e4-bd18-afb8d4f82277} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 1996 20c374db858 gpu
3⤵
PID:1480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.1.1883010968\1857118745" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2352 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2c8d5f0-c480-4c80-aaba-bb6a5860602d} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 2396 20c2ab71358 socket
3⤵
- Checks processor information in registry
PID:1968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.2.1089209801\1926731520" -childID 1 -isForBrowser -prefsHandle 3424 -prefMapHandle 3420 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f64e8a2c-8c5e-4aea-b358-a3d1193ce2da} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 3436 20c3ae43558 tab
3⤵
PID:5256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.3.1800593278\171548422" -childID 2 -isForBrowser -prefsHandle 3728 -prefMapHandle 3656 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4bcb1ee-c52c-4a32-af64-981709031403} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 3740 20c39865858 tab
3⤵
PID:5660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.4.1134827204\241876467" -childID 3 -isForBrowser -prefsHandle 3620 -prefMapHandle 3064 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ff6606-fcdb-4889-b597-7807a323b6d8} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 3568 20c39ab8e58 tab
3⤵
PID:5752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.5.998685030\1405797757" -childID 4 -isForBrowser -prefsHandle 3760 -prefMapHandle 3764 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {471c7f01-d8b5-4ddd-a079-171576d176a0} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 3704 20c2ab60458 tab
3⤵
PID:5580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.6.1809303804\1825316850" -childID 5 -isForBrowser -prefsHandle 3408 -prefMapHandle 3692 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c094382-4b1e-4022-beca-1cf6489d13c3} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4280 20c39868858 tab
3⤵
PID:5588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.7.959028544\1955569768" -childID 6 -isForBrowser -prefsHandle 5304 -prefMapHandle 5300 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff70f7a0-0d48-46d0-ade8-a8302651b49f} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 5036 20c39868258 tab
3⤵
PID:5596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.8.1809302237\1588330036" -childID 7 -isForBrowser -prefsHandle 5704 -prefMapHandle 5700 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9a61f59-0a11-4ed5-9619-4fabbc0bfd45} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 5712 20c3e21d658 tab
3⤵
PID:7116

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:6912

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
29e38ec13f57e32663f11b225131ed20

SHA1
0d2f151da2e6c39eeff5fa47cedae05aba11e664

SHA256
045c29c0a34e6f796482fc7f1a2ee3ffee8e931d8f1dc5fbb0639f6fa2d5225d

SHA512
5d2f26837c058d958ed4d24d2ac7622d6afebbf1ee6ca1e6c32bc34f39482ebb15860ce4bd504fa49043c49d4c6d654c3c2f5b9e76f77a8cc7257531677f2a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
7e321f5508decb217c1bd56e8a3eceb3

SHA1
9dbe3d71d4491dc1a4485889926a46bd1f2314d6

SHA256
8da8980463e05313b6f089ba8ec4c583d3f0a464f308df7e1a1de18fbecbcd67

SHA512
746b0d0e7ed3b2f2367c6169e0d6d896f2d745ec1286120dd981f8b4507668684f602d97d289ac01336c079c8aff370dfe8f3cb8d125521f30052216a8ab23ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
873B

MD5
57a6b6af1ff0a3e6afaf45e5e3d2427c

SHA1
7674a90c40706f131dc4062b5c96bc1d80c35f46

SHA256
7ebea8756a94b0e18f4e92e4ba37567f2d9bacc5c6f7c8a5b45a5fa6fbfb866b

SHA512
c9bc1690d557c8e5eab1f5515937d74125d101f19c9312a1088050f9260aa9d0a2043179fb9a5744ad223cadb8a7a093bb0fda6c62411ce729e914f1e8491e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
6028a49e192946635c3527b2d6c4be13

SHA1
4fa0b00cde4f6d64f37660bc24707a4814aa872f

SHA256
73b7771a7667ae3cc62d1f525a7620bbda18751602538ab40cc0abad97ca8eef

SHA512
ad105d197a68d948f7978bcb5ed09ec37a53cb851d42f472ad9537fae02bcf11ba51a0a0c60f0fd9343ff78792cfc9a2872193d00391bae7be20f397401065de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8b82c023ebd6d435e8d832e66aa50475

SHA1
3cd2dfa6cfeac4418c97670b112740d2d4e07933

SHA256
a9e4fadab8e8e0d44bb81e487f4010d402ef34231bf2cff27d0e139470406b48

SHA512
050cb8d9c3a41ff0f79288efbee87b7d5342a5a61415d3f15e4d5bb4a645a82c962e91714d409f86ca03aead640c5f50b11e572566a64610f79d5647184ba232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
7e1c30c91799941d1d81b86cba038311

SHA1
990f9dd908db9580940b7585301db0f3904d9542

SHA256
0a5546bd145c5a46dddcafa1bfa50f8c5381c9db239fce7893bc545db126dec1

SHA512
837ce0ae3bde324b548589f40486ee7fa4b1b300f6beaf5da15c20cf098c6b194baf1d688f5ce9a489c8f0365f4c2741eaadce664a04d78e8aa55b470eb0fce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
c460a3839eb8efd6b01c6e2b2a7eca12

SHA1
fe94e6015d8cae3b620f024214080a0a5dcbd1da

SHA256
21dd39265bff2bf505cfd010f3d22fc12d15824499cff4d6f0fb749be7ae9ae4

SHA512
185a2e9d891b659861473fb9beba75fe36755bb3f8aed051393091e2c3ed4fd927f9f69e98735476497854105dc96a1d54e165b9e017a28ff02bf5d09a4d8877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
58541abc3775a250911a323fe3d22bcf

SHA1
3715bf4aa4a280d0db86faf5ede36f82de181726

SHA256
2c3c4479275c782e40c5f5746427cc0e2704b81c458c18007229ea77530ae829

SHA512
7f77f7fd25e152f583c39fac70d3b8f75d914eccdac159a4cb20a199bff4fd91fc31d9b7761b19d5da7f5179d9b7c290a052147f89aa140fbdbb2cc02fa20b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
1c75f576a05150f0c1818c8f102f814e

SHA1
f141c379282c78bc117e6ef3a3b75d6064dffbbc

SHA256
ad87838bacfb52dba02ed991ffb5c3e4f3fa0cc291f88aa5d14bfedd459166a3

SHA512
9aee84fd6417a39e125426222cc208090c5c3269755a04a2d56f72b8411e026cf75c354c8b53da642acc0371cc1b9e2c1f90b1d1f5ae1f2289c67732d07c48f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\150d281e-4484-42e7-be1f-8ebac49e0005
Filesize
746B

MD5
767e2d73f282e4b63ea831f9bd2fefae

SHA1
2700102dce45bf8d1c95a5c850ca6b5ea28d7524

SHA256
cb4985e22cc7cae398e2d2812e5c4d67c3f2a39b3872796c9b74993c0aadee9e

SHA512
7b9851e5bc3d52b11437db0e6ebb5bfb622b6c69148190c1b2aa70c40268bd4bcb41dc2ec7222461ca2fe0344dfa0ac3768c131d282453fdfa6888367a71af85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\5f8f4c57-b3cf-4e5e-9d38-9895c4faa615
Filesize
11KB

MD5
90df37f78225e69f0590aa1a6ff41d47

SHA1
b5acd12dad909cc171d4896515c5c573a85ad407

SHA256
3a7d8b2e4fc67196b7fc15eb4c3afc9e7ef6cfc32643d0a87441aae1d129f711

SHA512
013520a3805716c35cb7a114df47117b5fef7467839d11c6278f2bf7b1e776764873597e6143ee798ca5a448e710400a860f5430eb8f7d8a51fce8f85807628c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
6KB

MD5
e347cb41443a55a9f3c8394ff4498981

SHA1
26cd12af8a67bd26d5c790bc511e489fdd94f51f

SHA256
126604682a577444814d8639582604012858dcc32f1f22c2c2a0c06dba8bb1ac

SHA512
5c6b10b58b5370198a0f3e95cb7daf73c8dbd55623652fe85c1a86050eb36a700249329575c40d146be03642fec72903dfb830016804e5695f0a717541fe1b21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
6KB

MD5
969013a50add844b691f6de5a45b3a3b

SHA1
3c1fcf50d10b0806378dbfeeff7322d0fac60b8b

SHA256
cc2f664d7f421bc25ea7035245f0da92fdd99d8e0641f82c5797adbc3eca8df5

SHA512
e7566550946c1384243497bdf4e3de5a894237ab8026763c7fcf784130387afa9cd6e2005355d73ff58728ebc34c43d67b7c4afa7883c42231609449c1bc7937

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
Filesize
6KB

MD5
086d12b8bf3d1c54716295b90f14594b

SHA1
238f400d60301d8c9750f44754704b3c367bb136

SHA256
47f8dcdcb8e87d92640f96c75b111cd6367db11d388e6ee753c5babd41c2c1a2

SHA512
b1b9b9c6506eabdb4cd11590071f823cff6dd709a23a5387d20f2599ce985f04cf6b01d051bef09209b265796118dba0101da4e9e2de86cf4fc27e7b2d1c77d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
82f2546a69b01e2c8fdee569d5b12107

SHA1
17c5e8f641d50f6aa805ebc3cfda03fbad5c7189

SHA256
a095d8e169d63622d0cb030c0706e221bdb423f4fc9cbfa92c9dde75fdf5658f

SHA512
c263224fc14d9544ccd47754924e7190ae25f40436a02e3fc83a93f13fdf021442ccd1f88b9addd86a06dfa292ef0e62a673a1e423c9f30a2304231f5df475a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
7170c4efd4c370434c0202664ad47cca

SHA1
e89eec42395c8068d694eb4a65bb20eb9aca9b69

SHA256
f6bdf8f71c4dcc516625455d7d68009c030424225ee5b1a5368ae395859ee1ca

SHA512
150e6d6a12b5ae8808bdfe536d66bd9ffb7204a2225b9890a012e8d92ac55bd25f1e874ea7ba44a7ed6a2c2535ffd38529ddf91be409adf1e1e8358caf53dfc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
55f7c8b62b583c1297cbca324009cee8

SHA1
f857165a3407cc93bdf4e7c7c475c802c7279fab

SHA256
c8cb3653d0ac8db6bcf680371f9d5ef1be2c3c9b136022f11be6919cebe29409

SHA512
2cf9b3ee285d0df2dc4da435ebe537b587c8fe4fba633f971265fe86179c529017d0fe8f18747e334163f1c9ca297812125cab0cc1c795d4a9eef51338241a63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
2d71d2f1f24e42a27afad0ed2e3f1a88

SHA1
51d632ce890fec95e677338912c545c831b07767

SHA256
2da82bb5d72865a168a443798dd4f326179c1a275821573bab06a1e22546aff5

SHA512
cc35fb3d3d5c03eb503c02fa8a91935c211af2877220a50cc322bb4f37260d691c94ae9b83d8780f187e138a958972d9445337ffecbba645561933c7c932250e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4
Filesize
1KB

MD5
aaa38dd8313ae6225e9ad681e40e8015

SHA1
ed2df5e139461db52c69b33816017c341c585626

SHA256
eb8adcda54613530bb1f806bfda41fc826292550c4bd4e6a2ebd33ba6c42fc24

SHA512
dfead982c5c7abd90413e159559ace4047e7bd2d0b01dd1561e1147d224e7a179e6a41e11f35356aadaccc3b9ab4f42d18112615a3f522dabc8782c2bed6390a

Download Submit
\??\pipe\crashpad_4012_QUTPWGJGHXTGRFBL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit