hxxp://mainselecgtedupdate[.]nl

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mainselecgtedupdate.nl

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe
5704	chrome.exe
5704	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeDebugPrivilege	4748	firefox.exe
Token: SeDebugPrivilege	4748	firefox.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4748	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 4740	4076	chrome.exe	91
PID 4076 wrote to memory of 4740	4076	chrome.exe	91
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 212	4076	chrome.exe	95
PID 4076 wrote to memory of 800	4076	chrome.exe	96
PID 4076 wrote to memory of 800	4076	chrome.exe	96
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97
PID 4076 wrote to memory of 4532	4076	chrome.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mainselecgtedupdate.nl
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb2a39758,0x7ffcb2a39768,0x7ffcb2a39778
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1916,i,4012836675343249116,4839054630666369464,131072 /prefetch:2
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1916,i,4012836675343249116,4839054630666369464,131072 /prefetch:8
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1916,i,4012836675343249116,4839054630666369464,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1916,i,4012836675343249116,4839054630666369464,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1916,i,4012836675343249116,4839054630666369464,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5028 --field-trial-handle=1916,i,4012836675343249116,4839054630666369464,131072 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4024 --field-trial-handle=1916,i,4012836675343249116,4839054630666369464,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3688 --field-trial-handle=1916,i,4012836675343249116,4839054630666369464,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2104
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.0.1941836669\1766531674" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbac2b27-d131-4428-b8ad-3c6b56a50a0f} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 1964 190bdfd8458 gpu
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.1.1713416445\1326067273" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9464aea-9609-4d18-a10a-e26498d2c8c2} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 2364 190bdcf9558 socket
    3⤵
    PID:4404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.2.1733307381\1976028893" -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3040 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b44e1746-562f-40e3-b760-bb9cf6262794} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3060 190bdf5df58 tab
    3⤵
    PID:1616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.3.634765476\1821202189" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b81f7be5-b1be-46fb-bf77-2e4abf10d837} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3600 190c0827f58 tab
    3⤵
    PID:1508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.4.1643441343\1572832250" -childID 3 -isForBrowser -prefsHandle 4692 -prefMapHandle 4688 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95377949-f2a7-462e-8cc2-2076e220fb70} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 4704 190c40f2c58 tab
    3⤵
    PID:5524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.5.1357731119\382101731" -childID 4 -isForBrowser -prefsHandle 5080 -prefMapHandle 5048 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {226ba37b-dc14-44ff-adea-597776dbbede} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5072 190c4411158 tab
    3⤵
    PID:6028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.6.1716387119\1654943636" -childID 5 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f93e1c1b-7f28-4e4b-abc6-ff86710a82f2} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5220 190c4411d58 tab
    3⤵
    PID:6036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.7.690420519\158216051" -childID 6 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6b3c7e3-1552-44e3-88bc-e4ef246d2082} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5424 190c4412f58 tab
    3⤵
    PID:6064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.8.1293987682\1350655628" -childID 7 -isForBrowser -prefsHandle 5768 -prefMapHandle 5772 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d24d5344-2a3b-4bd6-82e7-dd6651c7212e} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3036 190c4f69358 tab
    3⤵
    PID:6196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.9.1085622880\1183639329" -childID 8 -isForBrowser -prefsHandle 5884 -prefMapHandle 5892 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30499006-c94e-4504-9034-73c310423847} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5952 190c5782958 tab
    3⤵
    PID:6448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:6936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
120B

MD5
e177c0f83faf3352adda6321b61f0ad6

SHA1
c0b28a94d8cd4a2bb77e78a399ed375c99c16f52

SHA256
69125c65967df191097c794408a624506f77cd7d08304df66d8adaecccd38f92

SHA512
1fa562963c91b51de822e58806ce953ad3584fb4f071d95dcb8e93aefe49c1087125cd8e7e784acf5daf2355b58148bb9c67c8f2b925be16ec17d344a3dd83fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
e9d3a39f581789101daea33364fcfc83

SHA1
ae4dc8b06a33c268b2ea1832f77f272b6bb84cce

SHA256
d733955c4be16a6dbed9662c90c8408d584e22b74ea1c042ad6e5ed341d89c36

SHA512
c416613f3bd84be87978e8ed3f7d21a019952fd210422e26004b731506d268e86532f61166335fa540024dea6c965ffbffe3d7fbf09832dd41e48f025ee685ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
788B

MD5
7c987ddc0fdbcbeff6674df8c59c9335

SHA1
3b51a34ddd6fb561d1cd8817013e93be2ae7cb44

SHA256
511cd5dc5293fe931ec4cf76681d162d2fbf30dce739371f0f8c3ab5231109e8

SHA512
d8686dd872bc329d5defc3d9cd2b274df4c869fb1a178c389d054ca0c3ed02bfb7bd00ff9479bf8a95a27c78e12271cbba320eb674a9cb79be5f172c9c103a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
66aa33b93d8c6df5551c2dd81603fd15

SHA1
4019026edfc7a67a4db600b0d0388ec19162299e

SHA256
eafca9fab1283ae988b2d864a0805a516f334a8ca3c54082284c92f9252b4e7f

SHA512
f38c8aa51ab55f33feaab195d09df88e8de3ae6db008d7adc3110a19e37d034d17e5b58d2711324f6f53dec242c19b63a53af68a2e3dc09aa3935c5e47f57bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
966ff095efa2a61f52a6600055fe403b

SHA1
0d2151606ffaa01fb7d9b9094be073f1b1228c11

SHA256
1c93a6346109107c35351d8d66463b8df4f478ef1357c01031dd28d8aafd83e3

SHA512
daef26d99047fef7d7792449e2aa984c3fb3b2e094a16c400fbdb59c906d2ae70a7c496e60755d1d14db53583033ae6285d9ddd94e9d8c6287b2ab5ebe833508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e2763865788bba3d95c357628cdda51d

SHA1
587cfd96b59f3052a8359edbaf5983239f9f9aea

SHA256
86be53fab5038a0b226f71ac9346be69897442a09b4e5be622a7dfe21427fa86

SHA512
246d61c2862110975a9d4880b2ccfc5af808d491b78a929d26cb056c7718c7b1d8a94b30bbedac2c55b37f66a29b138b09c311223fd7ff15dc985c0b4b819a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
c0837e3c3f333c5541fb9bb5ae22ab62

SHA1
e352de25b883e7a7ec31e3dc27674ad4b5a914ba

SHA256
f09e3028cac03266b3dc6daac99d15f404da37a1618a21646b1309f6d1c207a1

SHA512
54b691a23946a14931385030b3c0398668b3f2f90443cce53433eb88fa14824f4a0db959620c1cb4a7675575516ce3c106dec19b34be782d6e8134093c041b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b252d7dbf15673ef68f45818b4b830f3

SHA1
6d1c2ea87809d9a4973575207dcc80615aa479e8

SHA256
dae44438d6ba6259ca1b6e701dfe9ee6375cc5247e2fcee195438429eba5ce62

SHA512
02a33c999e59ffde454fcb143a83e6eeef1f3e999566f607d5db30d4e3ae615e0179e3f76f741bc90dcdbfaa52d24b879f0b648a96bae68a11b5f5899d58e146

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\3b0d865f-d035-48ed-85ac-9ade02aeaf88

Filesize
746B

MD5
89a3ec8d041eafbd0ca2e84b91a87682

SHA1
3991ca91625cf2e142271e15b8045ca5e50225dd

SHA256
d032cc62a24b5c8453abc37e7b922bbf5ceafc60159aa100a4563787d2dbace3

SHA512
34b9775fb44f283ff72effffd861f85bdc24c10e153801f6edd54c87dc45f9455c4cde1e51d8335150a44ec56e34064418de7d9c780dbcf1b1f653f4e4413e20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\4e19f6d5-1582-4aa3-b672-6936225721fe

Filesize
11KB

MD5
020bbc138051fab99c0ddb359ed0d406

SHA1
f34d665410d4ea8d581e73a3cdab843e4bdb39d7

SHA256
f38bec3556d5c31059ba8496ceb466e32b914d50be4e81189866dc11a3885c4b

SHA512
90c16f045a0bd2627c68a7574b10204d8b31727e21e73511ae5528b4f1443c6c878cb5b680cca30f7e4f74a2e2cea84869218190d9a1bdeade30bc7cdf176088

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
e4cf8b2f3951dab1fc1b8786d7b9741f

SHA1
c7f14371caa1e1fb2eee2b2c80456c8a00436597

SHA256
b3aedd880f540bcdb7e0aa3e6f1655071993a2357a1f5986aa5c9d28bc0483fd

SHA512
c05f90d6878d98154580f92909daa679b47ee374600d43b343126b78d91e22a16bcfd456bc7ab774c13dcf478b6dc427181afb7a22524402545d18a241e98229

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
affd0f19007e66748b074f80a622157b

SHA1
090506935fe014b57325bd514abfe697d4f5d6a8

SHA256
70e92055dbd66c0ec053767bb9c7dcf6a3f4969727e94a903a99a136779b0b76

SHA512
dafaa129650cf24875bbdeefe77bd16747a9a6f5219d21177517907192c1b6454813ad5fa75c538640ed2b1c17e66c90a44a5702eed004026296dec5ecb361cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
a62cb8ecb2f8465621e4f512b263344a

SHA1
8c0addb29e37cc1e6e1e300712ddc3cd26a8bd2e

SHA256
15b1feeadfa4a7f1fd14648680ad14a919867a59920845552e9c2cfc8b3a62ed

SHA512
064bd5d61cdc217d4ba1c64c09fb9d68a7155a83420121ee911c44bf47d1b2350ad3f8d385bc18b93d0eb71ff2ef92f015b7f0a86c4c95ebe186da88e1788b61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
4cf8c9f2f7b551c0a70cbc2efb30233f

SHA1
89d79ec34a9232131a1774bfe50c3f168b385267

SHA256
6e7d7ae2a48fc74fec4017b5b3097a10a72512872b6e413f370e1c21a0567096

SHA512
e592eabfff65070752e98738e4a8aa5f106e74b4ff8e4b0c4b93a766b9676faa090197a8c22c32bdf2055f917ac14227c777b389257556d3c5ff72cccf004e34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
4b5cbb2bb1e965a68cbfcb24802f38d9

SHA1
60c60563c55a40f73a68d162654328f39dd490c1

SHA256
89099cca4b0fee69fd741af6e4a23134b7b993f1764c6bd1ce7e4862dfd22755

SHA512
7fa42a652746bafb09cbaf7dcc76dd9fdb79d88d71811ac28f8597147f00b34e7ef85af92e73b4497f52f0f5022c874e0c90f862bc405d4727cf314f8c9f03a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9ed7f9288c2443f3d150d4f2580ce557

SHA1
9f74bf36194f6b21b7a0f98b62bbca7e8861fbf8

SHA256
3fbbf5b61effc5c90f3272519ecd33ba47f8706fd165b653beafb5e0ac895501

SHA512
6e3211f71e38927feff531f9241aead793902f085cf395fb1f08b9afdf9a50edd3d745efcbd5a7118d8353bf070e84dd78b2a866a1730ae6dd90ce96b50107f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f4cd9cab4ccba0c1b4f821364daf3cbc

SHA1
10c47159ddb668594f6c341ee873184df79c8041

SHA256
e4744ed9341c3abaee4384994c81c26c8ffb78443d6d7dcbbd9372806be8ffee

SHA512
18886cc257c68c82c8a7a80930879ed30b51451b274f4be8e19b6c5d8a156f608f720d3f0e925d3643342fefcbcdd111cb4e397630386e0dbf1096234612d2b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
b01efd0877d8bb4a5d754d6d5a5922cf

SHA1
6dfaecd4219afbb206185171c64c777e9c73ae21

SHA256
ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90

SHA512
6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

Download Submit