hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware

Analysis

max time kernel
25s
max time network
24s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587507409704968"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeDebugPrivilege	1032	firefox.exe
Token: SeDebugPrivilege	1032	firefox.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe
1032	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1032	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 3492	4576	chrome.exe	85
PID 4576 wrote to memory of 3492	4576	chrome.exe	85
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 944	4576	chrome.exe	86
PID 4576 wrote to memory of 1276	4576	chrome.exe	87
PID 4576 wrote to memory of 1276	4576	chrome.exe	87
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88
PID 4576 wrote to memory of 3052	4576	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff98ccfcc40,0x7ff98ccfcc4c,0x7ff98ccfcc58
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,10155457979571307207,9862512784090876510,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,10155457979571307207,9862512784090876510,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,10155457979571307207,9862512784090876510,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,10155457979571307207,9862512784090876510,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,10155457979571307207,9862512784090876510,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4504,i,10155457979571307207,9862512784090876510,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4656,i,10155457979571307207,9862512784090876510,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:5808

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4808
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1ac0a04-3e64-4925-bee3-ccad944383e6} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" gpu
    3⤵
    PID:2000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 25493 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c21ab36-d342-4ca7-a62c-5480d70a1b15} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" socket
    3⤵
    PID:3176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 3092 -prefMapHandle 3140 -prefsLen 25634 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {323c3f9f-2f41-49e4-b103-e66883d4cf79} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" tab
    3⤵
    PID:4068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -childID 2 -isForBrowser -prefsHandle 4044 -prefMapHandle 4040 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f440a9c2-b3dc-44c9-bba7-5b2027d3a186} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" tab
    3⤵
    PID:216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4780 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4788 -prefMapHandle 4736 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83d119ba-bc8f-4818-bdca-0178cc0e665e} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" utility
    3⤵
    - Checks processor information in registry
    PID:5928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5188 -childID 3 -isForBrowser -prefsHandle 5172 -prefMapHandle 5152 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9532dacb-862d-4598-a75c-a5c258371595} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" tab
    3⤵
    PID:5168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 4 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99d733f8-100d-4674-aa17-523b5929ee59} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" tab
    3⤵
    PID:5156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 5 -isForBrowser -prefsHandle 5600 -prefMapHandle 5596 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83cb4f45-447d-4373-bb5e-9252327ae29a} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" tab
    3⤵
    PID:5892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d0bec84ef0544305b77b50e21dbe4782

SHA1
476e2918a93c8b8ab91b2d3aaabeb876f7ff0a14

SHA256
a793f5eea7772b08530f9fb4803695dfba7a0dc74e010eb93105b0b50b010e53

SHA512
78a18eded71991550fa65c5f45d1364e23d2302ef122ef12de4e5644a5c9fe6c20fef2162a5f3fc0007d19f9f11edcf023b30737c166b872c26184a4fd1c3bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
377251693a932398d06a3a871f4353b9

SHA1
e3dc85c79a5b2475734c8c521a50b2523861275f

SHA256
4d53b5aabf63e074889f815edcd15b5d377bda659f32cbc3f8e44c2e48e144de

SHA512
e88899446b1922d4c93104b4268c15862b6397e0edaf07b0041491a5f3f2d826175468199313fd518c1136faf9fae54c977478c3a5990ee3a5c7c3f93a9a4563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ffc2dc726601b4d249a06cb308f303af

SHA1
19d88b310712c9d8a913b1afd7b8cb95bda84819

SHA256
89a91c48361f42e1a61296e0511d4b043e1a59316182ec73e0f5ee69319cb4ae

SHA512
c229591c994f0b2d3124b0ae3ea374a9c52113d12f582467f7c60608c0d2ccb2e8edd9c23d6c47fd2258a88bf9f683b52fbea817939c63ef9b74a4e1be27347b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
3711bc5cd28b07c7a3d05a118b11a258

SHA1
a85e590263d90221c713bc9e19aef6f0621519be

SHA256
3370ee5e9a8aa53c7b6d943d47561cae1b8769d547f31156832b2140297903ad

SHA512
c04592960c0b117b2e7766b8fe675dc71252883cc0cb1c4131e1871bec183c7df208c84a68873d0dcd4e1cdc4c39881dc9d6deefb42801f3d68525118ab4d9c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b6127ee8ae5960abf538f13f8aaaab1b

SHA1
8795fe240462df50b422c3c2356ca18c48066128

SHA256
46a208f4dcebba4f6f60187b3cd4781001664ceacb42417a0a523a6553345782

SHA512
446f610591094bb5bd629c22c8557a44b684709ecd61857b87d6cbe248e05f7324f1b6884a7b64425134463f924d3cca2c7e6e30501b2e6b920e97968dba44a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\618c43cf-5720-4d2c-ace9-3d6009981200

Filesize
982B

MD5
82d18f52bccc8d710f1f033cd9d190ad

SHA1
f6a35cdcf8e227476280da6986046236e6627c1a

SHA256
0dbafb20c1570631f600efcfab697a03ebb0bcdbac6d968387d8fdbfe162c7f7

SHA512
5f2021fc3a9133791a7df0b6eca4d030d68b6b89649efd2270ce403d0230083daa606b9dc93e10d7ad03458e9c08bf1e3fa89682a6430544b70929fd83ace777

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\b3a1aabf-ffbe-4a9c-82f1-912cd853ba5b

Filesize
671B

MD5
134c48722af70bf748a4bd223cb520a2

SHA1
3ad1077e2c014b43e1a5df4b5460cb86784805e1

SHA256
167010ab74a4a8fd60c2f07ad71400262cbee6dba941f2b8e7269cbd47485de8

SHA512
352db5a6cd11766e4a923db2f0097415d9429487eed81949f02b0d3f1d4bf6947b9a3b65061da06644b361141f5455ce2a98c2e7b5f5ef77c93dc54efa813c6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\c61bf110-cf27-4801-9b67-62495b292517

Filesize
26KB

MD5
0ab222ce14d3c08cb9ecf56d420c118c

SHA1
e886062edaa2154963f86f7ed0abd4cb63ae5671

SHA256
1cddd9d7c24bbb1483db31815f4514a50680210bea4b24891dec98fa4c5bd6f3

SHA512
38196ea564d3684cf210ab081c04825aab35f2173317f358faec595ee7fe507e510bb7cc5b9cd584d32121ce7588d4a7409b14e0f644e6b7503d4fba91a4ed6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs.js

Filesize
8KB

MD5
2753a1f584eaf65cf37dad27810728b9

SHA1
85d66eb8de057e92ac355bf82547d37df99d8ae2

SHA256
2a6e5d9ff77e02b32021b1e58fdd87b2781b09a8212faff3150003415898a4c8

SHA512
dcd4e3f14de4a3c460370a9cb093e513dd28d27d95796a15661c6fc0b2a5f8a26f6227c54fecb30ccc468b615154b7705a9655e298f9008e9fc4f5ab1e808e09

Download Submit