hxxps://google[.]com

Resubmissions

23-04-2024 15:03

240423-sfg67ahc76 10

23-04-2024 14:49

240423-r7jcwshc34 1

Analysis

max time kernel
766s
max time network
741s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23-04-2024 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583574658971386"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 3172	4568	chrome.exe	80
PID 4568 wrote to memory of 3172	4568	chrome.exe	80
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 2464	4568	chrome.exe	81
PID 4568 wrote to memory of 4908	4568	chrome.exe	82
PID 4568 wrote to memory of 4908	4568	chrome.exe	82
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83
PID 4568 wrote to memory of 4472	4568	chrome.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe5da2ab58,0x7ffe5da2ab68,0x7ffe5da2ab78
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:1
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4136 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1464 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1424 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:1
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1464 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1784,i,13614398380371238720,4599998671614960973,131072 /prefetch:8
  2⤵
  PID:3836

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:788
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.0.1504382990\364133640" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1760 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00617c09-fb7b-49b3-b463-0072d4e61ccb} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 1848 2762ef0ea58 gpu
    3⤵
    PID:2544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.1.1977191180\280145182" -parentBuildID 20230214051806 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2863b79b-6f89-4dad-8299-343d5eade02a} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 2372 2762228a558 socket
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.2.1144726531\821850388" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1384 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b77b38ca-8f82-4936-aa11-9b763103fdf5} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 2944 2762df9ec58 tab
    3⤵
    PID:452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.3.1605809591\101334477" -childID 2 -isForBrowser -prefsHandle 3592 -prefMapHandle 3588 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1384 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09ed9536-b362-4b4c-87b8-afdef65acece} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 3604 2762227ae58 tab
    3⤵
    PID:1068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.4.1298859409\175710067" -childID 3 -isForBrowser -prefsHandle 5116 -prefMapHandle 5100 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1384 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b477ba17-b96d-454a-b306-a376b499c831} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 5132 2763702a858 tab
    3⤵
    PID:892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.5.487051070\1878048165" -childID 4 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1384 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7be5a977-634d-4bfb-af93-2687a151f05b} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 5264 2763702ab58 tab
    3⤵
    PID:1340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.6.1747611040\1892633741" -childID 5 -isForBrowser -prefsHandle 5460 -prefMapHandle 5464 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1384 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42eeeb8e-6f5a-44fc-bb86-cc42ed1e9b75} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 5452 2763702bd58 tab
    3⤵
    PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ef5430be220d2d596748bf74eca3b76e

SHA1
7937f2d8171062b1f450fb50747bb66ef05d9e68

SHA256
672d04fed05e8014ce6aacaa16704cd931c3e57ad930e1ca37caaf449f762210

SHA512
26a609fe4d1609490acdb3bf4b1315d83e668d65ea707826bee833ca1454d82a20e3b14391498bb6cfd08ebb52629a3bf0992b21fc7dcc194fd751bdfd6ba617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ae06fbf00aae89f6ac1d841787c429d0

SHA1
20626173561a726a958daba71d55daa74523eb4a

SHA256
1448b6b0edf2c151df187b5f3f26d892a943144340aef6ef4dcc4f18f85a9e22

SHA512
05c62c582ac16f9e8b870c3adafa0fc5a228b324bfe436f4f7bc4f23863596826fd7889ff8fc307df22a8a2cb6c386f1f54fcf754339d5205585d3868e350ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cf8e4637d6ad646df409d0b9c815edf0

SHA1
00d6a68ee0e90198f0a05530e0d7ba887b2a5836

SHA256
52c2b9cbe325054cc57c0a7534b7b2c9f38077abaf32cfbddfac66d6bb2043b2

SHA512
07ac42aa1f3eae513822224adfacf4296513cef784782c33e7ec49f8f1a53ac680bbd18b645253ce96cc75d7bb7ff1e7ba29d5867e4d0534c9bad19e980bdacc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
00bcf5e609a76952d966b8aec59f2cd8

SHA1
6179dbc4651f13246f72ce8f2e8c650dc1b46bd9

SHA256
f3e8d8cb9a630f0645a3fc11adc60a6b85caff4aba8306887d9fdb0e92dbe602

SHA512
33f8ef43ef4f128a15d7149b0a631419962c0abdcb4480bf71490aaf76325c497017f6a9c93b6f0a94b5bea29a229490e1a18082d7eb3c6586e6c08210aec498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
adfb74333339f6340d146e4de5a95c0a

SHA1
d85ca8c924f86d730ad8de1e979455933382d615

SHA256
43f318c25899ffd9bd02e0c8d9a1a8c78c6145fef12d1f470bebc9eac022b01d

SHA512
d7a2a9c0e2ff81b8276ddf679658846f22c144bdce841a93b7f83acf9ef7373d72212b91a63efc18fcf4d328a58d2d245025c58510225e08cabdb105e8b9b6d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7bc167c2d8e7d6b8da4ccfd63f80315f

SHA1
fda25695de13a978eb92d1e71da38353199fe329

SHA256
0f5c2519525f3ea62cc25a34e46c94fbc056c3df05bc129ff74ef62c84d4239e

SHA512
1254e180fc7b2068d4bb748241b05524e38c0abcf4219e31db41f7de20a5923c8a4bdf037b0038a90c9ae9d19c7ceb202c792b686a6039ca30acfb4d6c5bb6d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
7deeef437ec2a054dbaae55f580d97cc

SHA1
c7b1d4329f4389a915fe9a0e64fe04443f2fe91d

SHA256
8fab582f49f575ad042648e7f7f76639f727e128d6b6b0511f7f420c7dd546ec

SHA512
d6250175826298938fcab1168a90d4ef5523c0d72b2d69e5f4f2a0943b36fc23fa3986ae1b5a183e27d47c19d556f51faee989d3a0c386a90bb31d5e73c9a96e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c64031c2155900f3a87b97a85167e814

SHA1
4c258166c07e7ff79d6b31f5d13874af908629f5

SHA256
f7d547a4eaae42b5d326281f989c23e557fa1c7733655faca205bcd6e0d38b4e

SHA512
771a536e7ba7453565078863db7fdd4640943279fd049b620382c5a929b60ff223388557e42b090d5701a94421c1111f930e00322cc5382ee06eb8c6affacacc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
662768f0b46333cafeadbea8fb671a5b

SHA1
1c09130dc09084ea31a342a15a450dbfed088383

SHA256
6ba89bb9c0b0eb4e3860b236b469ef984d77a28e96f4b506088079855c703ea0

SHA512
6c9d6f366918bdfe97ad61cfa85dccf94cb1800142b2d4d7237b3db2a5c99fdeea10217a280e2d6ca5a82523ee42801807b9159d2ac46e8421f03e137cb40806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a214d93f5fdd46848a39a4c2eaa67297

SHA1
4d10cd5b1834241006646a66118bc19f3f21e9d9

SHA256
a820d88f1e7557566bae7593d3b048e114aee2c37f99c23739454033dcafaa8b

SHA512
92af1b85b27f5ae4d9d8d4f57f47b66c3e07c0498632977ca8c3338261e4977b6929e5d685cbeeeede1c721846183d790553d1eb200143c6245a76c14dbafa46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
7bea7848f4cc0d7a8c82995bba0f4227

SHA1
f7ee32344880e73135121023352c298791a468cb

SHA256
2f18f52581837b332b6ae9a17d79ea0ab602e6faa061fbd7312051196dec74b6

SHA512
8d942dacecf0378148139a66c21f13f23b2dc4ab2bd75b0153a501be356e81888db392508cd198f48135389f7995aaac483bdaa8cdc1315c9ce7c938652fe1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
37ac703b47c6395d789d095003606eab

SHA1
334eeaf0759bdf34b54bbfb15e95139d5332443a

SHA256
6a907aa4d0ade935e0aadf6bc83d66700bd953c0619e9edf58ff785dbc0a71c5

SHA512
4d9aacd834303986daaa9c070ce6450f8d1944ab5c837d9e40aaf9ac559ddcda72f2a1704dad7a9092c65022a920f9c775cc749b2288d7ed3943fc0afc9a4e1d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
8f60cbbcb01a815ee538d5fd38a5e2be

SHA1
5f88cb0a9f94b5e969e602b2a14c5c0df39a882c

SHA256
e978bfe04bae3ac8219fe87a743cf546ffc429ba3dc82f6f590428318146c436

SHA512
e4b254e72f51697af21594234418700d0e939466e2713e4900d96ea3d5ba80fafca219d93f59a56c42f7a9c76662d535a0fcb3359a4f917b6198756890aad230

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\prefs-1.js

Filesize
6KB

MD5
98d3395c5fc5146087ac55025b4082a8

SHA1
cb3cde1bcd3ea2bda734233e9f790b38ca070840

SHA256
186d1c469fb585a899d81a81d333a4331a30865dc2e7f773db70e1aac9c8075a

SHA512
491a29e0760f59b55e4b81a543d62d3e01c3c57ab936f57b4215706e1cca56ca1c81f5f3b592b699aada4c53f5cf17e56440bf245d14abbbef189e5a8986e282

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
2d2407dba9af0bc241ef406b1c6ceaf5

SHA1
be818dd3ce97fa5ed97b1e0a3cad1aa8991af542

SHA256
298f91cc868a2ade8bf0cf7265cb7ad2c331c5ae3b9a4d3586475a4515ad8bff

SHA512
4c5d8f2c7fe4ac56f6104a8b0a970a121ee2752f0337cf4fabaa1a7f42d0e0a8c108f803c6b52a2fafb6ac8205bd74015e7366057430f50822a5b4bb8cfc42b4

Download Submit