hxxps://steam-card50[.]com/gift

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2024 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam-card50.com/gift

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4324	msedge.exe
4324	msedge.exe
4544	msedge.exe
4544	msedge.exe
1600	identity_helper.exe
1600	identity_helper.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4544 msedge.exe
4544 msedge.exe
4544 msedge.exe
4544 msedge.exe
4544 msedge.exe
4544 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 4844 firefox.exe
Token: SeDebugPrivilege 4844 firefox.exe

description	pid	process
Token: SeDebugPrivilege	4844	firefox.exe
Token: SeDebugPrivilege	4844	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

msedge.exefirefox.exe

pid	process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4844	firefox.exe
4844	firefox.exe
4844	firefox.exe
4844	firefox.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

msedge.exefirefox.exe

pid	process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4844	firefox.exe
4844	firefox.exe
4844	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4844 firefox.exe

pid	process
4844	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4544 wrote to memory of 3020	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 3020	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4536	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4324	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 4324	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe
PID 4544 wrote to memory of 2260	4544	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steam-card50.com/gift
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff8131946f8,0x7ff813194708,0x7ff813194718
2⤵
PID:3020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
2⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
2⤵
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
2⤵
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
2⤵
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
2⤵
PID:5296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
2⤵
PID:5304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,564141674087566456,18290156196560400769,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6092 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1628

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.0.543584906\1082453797" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b83b1e71-0b00-46db-b434-bf1db3ea0e2f} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 1976 1a0fa8d8158 gpu
3⤵
PID:2304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.1.855577840\1550805285" -parentBuildID 20221007134813 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ec8575e-ed6c-4e5f-8143-3e5f36e80bd4} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 2384 1a0fa7fae58 socket
3⤵
- Checks processor information in registry
PID:2828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.2.720587052\1135971280" -childID 1 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e655193-f337-455b-b983-3143bae18d14} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 3588 1a0fa867d58 tab
3⤵
PID:3112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.3.2136077313\1580671395" -childID 2 -isForBrowser -prefsHandle 1696 -prefMapHandle 3448 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdf0e112-387a-483b-8746-3ff2f44cb492} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 3708 1a0fa8d7b58 tab
3⤵
PID:4112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.4.935997467\843802512" -childID 3 -isForBrowser -prefsHandle 3836 -prefMapHandle 3832 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb6ae6b5-2edb-4b87-8525-946fd5cbae20} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 3848 1a0ee168458 tab
3⤵
PID:4420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.5.443757508\339239654" -childID 4 -isForBrowser -prefsHandle 4728 -prefMapHandle 4732 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4136aad4-6a6f-4011-ba2f-d69d91effa4f} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 3836 1a100ad8258 tab
3⤵
PID:5496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.6.73184250\569831536" -childID 5 -isForBrowser -prefsHandle 5064 -prefMapHandle 5068 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {065431fc-375c-4f99-8fe6-e704556fe20f} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 5152 1a0fea70458 tab
3⤵
PID:5560

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.7.413109032\126298341" -childID 6 -isForBrowser -prefsHandle 5028 -prefMapHandle 5060 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98ec7681-0fd7-4744-887f-60cc54892b9f} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 5104 1a0fea6f258 tab
3⤵
PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0076cc4a-fda7-49b6-a485-2ba87d7fa812.tmp
Filesize
6KB

MD5
8dd10347272345c13b915b93fe0916bd

SHA1
c5460da6084f03945e327d03fd971aa4ed23c5b6

SHA256
1774abef64e533c7427daf87917fb4e46a127ccd9a1c960017e3c09190b509a2

SHA512
49e57a91b8dc9144c965cb25bc77a131011eb951263507fefc986c306c4ca7c1b7227c9d19db33794520f41d945c4f0db7e53ebbd1a6ea8b54c1c6d098aeba10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
3469b19534a33b8d57783c59c49b8fad

SHA1
80071b25588c47c7768886cb4284675ed4ea6aa7

SHA256
cb38c687972a6208933836b4769e25a53e7cf56005cd43db19ecd063eff3eb00

SHA512
484877b49844aac16baa316865b423b26aada49a71221cf75ad6630740a2edc91bb4557bd338d58474331580556f23f70eaeb11bcc319d17a73230700cd1ad4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
624B

MD5
62b5dc8394085c37e21edc8f87095e8b

SHA1
70cc3c4320ec939e2a15dde914a9f568f24ea8ef

SHA256
100c776a42b472def4e19a1bd16e93583aa931dc2075fd37d444821de52c3943

SHA512
47fe66719e7e1fc29a53b992c2a4d7eb49308f37dd7a111a960f21586fbbd4e9d02b2e03a28886bb8c320808f51fc74ef7b85d92b4f07227ac171e2ce474f553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
648B

MD5
e6a1c11b47a6de605f70eea69d50bdad

SHA1
6f4fa652d71cd00f06c025b7ad62be966e923bf3

SHA256
12bb1ce79a9754796b2f3c1534d7f6e39ea3c0c42178c339566d1cc458a70eb2

SHA512
26e1cb70eab16ae942c14762f88fc77f8a1167b1f3b6e4e889f8fb1236dde1894dd0026ef772948e93d5956cecfebd84d8f5eb1c43f0ba0bfc3260413bbb5cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
989B

MD5
20370aca684b22e54ba77d2e9f34242b

SHA1
d61a85c3a80a6adf25a31957bfea5f9f4ed8eb8b

SHA256
2270e963202f77803e0ed022326900fc94ed7d9601ee59b03c41bd90019c2257

SHA512
159edf16ae164083f08cbc050423a62d7dbe952198bd96a9be85b39d0f2661f959517e5158c216bd9415acd10cb330736cbaa588a1fedf0820117500e80bcf68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e4bad7f00496f5264c1918e3306e25bf

SHA1
c54ef4f3cfc51a59d1b8286f0f7f2f4da7b538e0

SHA256
88e5f6464cc8e81347893fd03a60759d3f6557e27bea86949f50149cb818f6a0

SHA512
3f68e2a2a2da24ab15d2bfd7f79d80119539b065caed54d6f56c5633e5fb4adc1c02ffe09fef8c17acdd203f69c25f43be23f42715ec5e6e9873d26c249c47df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d3d8983c387ffa7bd2df2b6431d78790

SHA1
2017d64b7d0f24841e66c801c7507a074eff7696

SHA256
5706baa728121e5b7de53080c328ef366c485b2b1735d0d19a54e12ab169bb3d

SHA512
a22454202d43b53952c4ecdb58b4f28725501547992038ae2e79d4fc7b779f6a5fa3c9a4710a37df6d478c85869b2f2d8aa5745cf2a4cec87dac5a548014153b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e9acf12c-9c37-41ad-a67b-4c76ffb7256c.tmp
Filesize
6KB

MD5
5f4745178315f04505a928c95de0c101

SHA1
1f233640071707cdcd84a70c0d7dc659b700da3c

SHA256
6797d6448b90c63281bd826a109eb249521545c4f6772552102d24fa85a27938

SHA512
7c57fcc1b0e727d79482c6d4836f04a769c74e00194a7eac916eb55be39cd53a5a33403e930aa9911f14801942dfd7d61298674421deb3a8fbd813c7bed49f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
993e6365ecbd086317e3cc358f77c4db

SHA1
bf61e1d5da9857ce33391ef2407a8f20b10ae4a6

SHA256
dc640b71da2c2ebb03936b9446f9b60c0e0bdbe5c160525a74caa5a44a097a44

SHA512
0b358145861a412c2ccce763a2ab79a5207b001b444e1222536f79e7d2f39d1819559289be68b7860f82592c9bf08328082a678fc60d13a1c4a2e4bc503d6ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6cd69408ab14f505bf6b35f29a534b3f

SHA1
4589d3d773fa73663076945515b5e2fe16b9bf31

SHA256
2b2c74a5c1fc276c8f1c24ea4d181206f027765dd63276e18a5ce2f9291bdf5e

SHA512
80967f0e7260c3d707ce7a4ec5ccdcfa53d6ec2e233b699018341a42a33017f79b3babda49a12b5967c49ec7b5d6213d01d7d2472e56817798e3b5c8fbca3858

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
e96ef18895192a1a2ae37125b5ce3faa

SHA1
f3e270c5f55d790a5e3cc5f6c4ae1ed841554c5c

SHA256
9d6b9b331178118c826c17855675d9eaa4012f743ced465a74e200af3644c10f

SHA512
63b2f2361d8ce45f238d586cc91a1f36bca7587d1006e233af997f35d1ea8baa8c4a1d7996205ebcea45a3b026ba003d948a64c15748972356aeedd17fc18f08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\pending_pings\0eda4ae7-41eb-432a-9790-f43e3a1f0e6c
Filesize
746B

MD5
0ec00fa50b8022d88ca5c681040d300b

SHA1
f6725d2ce94920f463dafd4680bbda372a6651a2

SHA256
4fc22370017a5e314287bececbb61f573fff0246d6b061a7da60b00af23cbd24

SHA512
748a5322341889ac706092f4eaa862d12c2cc02b7fbb5ba0afa52a9255fd69782584e6b14cb452d862f8654d84800b3b0800451d10da521d56a74b9fbf90ba57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\pending_pings\6a03d073-4b2f-4335-9f9e-566c392f0657
Filesize
11KB

MD5
43d65285df6bc606adc8782ffd3e6401

SHA1
89503a048910da556ab136a0830ddc831c5b7b47

SHA256
06e68347c41396a0af4b557a15f3cd977340d5b91d17ae5af99681c5fb20bcab

SHA512
3a4e24ac3a4860a7db8aea6f5329224429a0e4edcb41abca0c9fd8bbe6a0f245bb789197aa78565f316d026bf3f968f62005702ca0ab6111dcefea0fc98365da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs-1.js
Filesize
6KB

MD5
382b0fc77959e5d1e4b047ec809fc648

SHA1
e874d35d18d72982da20c77881c4ad190b7b3b79

SHA256
68271254e239dee05fb9d6916678a7f695014fe20d5532c7c1cd9de190cd62e3

SHA512
7ffd78e6ef648c1d4edfedcaaabe569ef3e2d6f664f9a7955374bd354f342097424d5d522ec3f6e79c16227ee1d56981f1047a37287a06416cef1f827df72779

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\sessionstore.jsonlz4
Filesize
884B

MD5
7b3fe4a1f5b016a55506ff9adf2cc628

SHA1
f1f370292f68461a157785ab971356a880825eba

SHA256
72b3d0161bda8410a1473ecefcfbb955d6271e35d5259a5330d04a3e761060fd

SHA512
ada465fcfd0fbf4a714d5f3d864f8333327dd2fb1a4f4181cdbef1562fab2160c62b86e50be90d2491390d9962b38967734500edc1994119f42f3d323aaf2803

Download Submit
\??\pipe\LOCAL\crashpad_4544_VYBQSSJMJJJCDJHZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit