acc9169e89e48e648199c06809072a6802b3a49300721b885228c669b9777240

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Leakcloud.fun_Link_Skipper.zip
Size

3.7MB
MD5

139b57ad667d4e50c91b09f5c98a5517
SHA1

23ba0adcf907d49fdf060a3729995fe67cdc4b94
SHA256

acc9169e89e48e648199c06809072a6802b3a49300721b885228c669b9777240
SHA512

47798fd026eb4256b7021a53c938a511f6d8608021ed90df5e9eac80f42bb36c2167f52d81c9b54f4c91cd596b364e881b702712740051abd5e5c13a8d98f447
SSDEEP

49152:uwPnmfJ4BaqTVtJf9DzZQCc9AbJucD3PAxGf6Sfl5y5FRW1JSY1CJ7t6+dK7DCMz:JvAebt9fOGfDlsJx6aGDQD+PXHwK

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2988 chrome.exe
2988 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

chrome.exefirefox.exe

description	pid	process
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeDebugPrivilege	2344	firefox.exe
Token: SeDebugPrivilege	2344	firefox.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

chrome.exefirefox.exe

pid	process
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2344	firefox.exe
2344	firefox.exe
2344	firefox.exe
2344	firefox.exe

Suspicious use of SendNotifyMessage 35 IoCs

Processes:

chrome.exefirefox.exe

pid	process
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2344	firefox.exe
2344	firefox.exe
2344	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2988 wrote to memory of 2564	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2564	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2564	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2976	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2536	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2536	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2536	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe
PID 2988 wrote to memory of 2376	2988	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Leakcloud.fun_Link_Skipper.zip
1⤵
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef74b9758,0x7fef74b9768,0x7fef74b9778
2⤵
PID:2564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1404,i,420773253935830950,4706836817896723972,131072 /prefetch:2
2⤵
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1404,i,420773253935830950,4706836817896723972,131072 /prefetch:8
2⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1676 --field-trial-handle=1404,i,420773253935830950,4706836817896723972,131072 /prefetch:8
2⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1404,i,420773253935830950,4706836817896723972,131072 /prefetch:1
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1404,i,420773253935830950,4706836817896723972,131072 /prefetch:1
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1504 --field-trial-handle=1404,i,420773253935830950,4706836817896723972,131072 /prefetch:2
2⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3336 --field-trial-handle=1404,i,420773253935830950,4706836817896723972,131072 /prefetch:1
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1404,i,420773253935830950,4706836817896723972,131072 /prefetch:8
2⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3612 --field-trial-handle=1404,i,420773253935830950,4706836817896723972,131072 /prefetch:8
2⤵
PID:2788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.0.950596636\2016389473" -parentBuildID 20221007134813 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d656791-fe70-4b21-b8d0-31fb26a4098b} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 1288 11aec858 gpu
3⤵
PID:2444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.1.1998030212\259733900" -parentBuildID 20221007134813 -prefsHandle 1464 -prefMapHandle 1460 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cbe7a34-df55-4f90-912f-a3847e752159} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 1476 d72858 socket
3⤵
- Checks processor information in registry
PID:2888

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.2.90040496\754120553" -childID 1 -isForBrowser -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3fea122-c0a0-41aa-af34-9ee6854435bc} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 2088 1a39ed58 tab
3⤵
PID:2228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.3.1798496358\2028348188" -childID 2 -isForBrowser -prefsHandle 2500 -prefMapHandle 708 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccb251c7-09a1-4292-8233-3a0dd5ef1da0} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 1616 d61658 tab
3⤵
PID:1700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.4.312171031\175423231" -childID 3 -isForBrowser -prefsHandle 2752 -prefMapHandle 2748 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b99bcc32-4fd3-4044-9d40-2ff85fa60c71} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 2764 d5b258 tab
3⤵
PID:1796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.5.724547231\2079935728" -childID 4 -isForBrowser -prefsHandle 3468 -prefMapHandle 3636 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a2d64b1-dfa9-46c6-9a80-6bb2cfb4d2bd} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 3712 d65958 tab
3⤵
PID:2820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.6.343831080\446235102" -childID 5 -isForBrowser -prefsHandle 3840 -prefMapHandle 3844 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79d1e9fb-fecb-4256-a0c0-fe9e7bf0a8ee} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 3832 1ecc9a58 tab
3⤵
PID:2592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.7.1876633997\1453458576" -childID 6 -isForBrowser -prefsHandle 4016 -prefMapHandle 4020 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {049316f7-7f55-47d3-84f4-fed5d5686967} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 4008 1ecca358 tab
3⤵
PID:2528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.8.1400504537\226339692" -childID 7 -isForBrowser -prefsHandle 4364 -prefMapHandle 4360 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {385d91ea-3b3c-4044-b646-a1d114160932} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 4376 2288db58 tab
3⤵
PID:632

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.9.974679494\2067850399" -parentBuildID 20221007134813 -prefsHandle 3792 -prefMapHandle 2392 -prefsLen 26691 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {036e256d-c9a9-4ae0-8e3f-240a565679bd} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 3108 1c1a3f58 rdd
3⤵
PID:2324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.10.1574733766\1161663189" -childID 8 -isForBrowser -prefsHandle 3608 -prefMapHandle 3100 -prefsLen 26691 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9a20390-fe55-4714-8be2-7420eceb7379} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 3300 1c02bd58 tab
3⤵
PID:928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.11.1785582863\1907753846" -childID 9 -isForBrowser -prefsHandle 4572 -prefMapHandle 4628 -prefsLen 26691 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f9d18da-ae36-478e-a372-68a1011be313} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 4376 1f515c58 tab
3⤵
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f918921a-5d77-4efc-9197-5d12cb031cb2.tmp

Filesize
275KB

MD5
2f91f92802ed1c15187063222eb8bae4

SHA1
2fc60eb0c5d6e218508b18667c3ef4585e093944

SHA256
79a491ba3f4b73437cc2b74296466b1177fe16a8d2a84f05475831654e3e9a3c

SHA512
6d7a6c83ebc123cf6cde1844bbb4f8e62f80aedb6048fc09b580285a247680416a41129fa700c3d8b460ec1bd42ffdfff4772ff45470117e5712acea3a119cea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\doomed\12507

Filesize
9KB

MD5
52096e8112e69b106eb1c15a7d5c91c0

SHA1
631b7e955178731a8f9462a68fc25f5f9b936340

SHA256
cab6ec4b563a355dca473978d7169f68667fba675fef876436d6bc9dd9b94ac6

SHA512
21520ee60c771b0224ecd08f82ce8c0cbb59a34d078b88ac0cedbfe66027a8d524358c8dbd3003ce714da1f1bc1bfdf2a87d43798c0a05e7c5588b1afc8252a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
801e2e04f3fb520a25bbdc623c97de94

SHA1
439b25b21c4ed7d64adcac280df67510d3a9652f

SHA256
a497d55027c975a156f06b447c75cf992cb6996f5f3745809e84d6aba1214e8e

SHA512
31b3c9e9a03456ed0b91e6450874685a1ae95e6054be854d482241b74f259375d0fa631534851526cdaf01a04b087b365e1b93fb4ccfdef5794a49993245344c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\10f4f17b-1756-49df-9cfc-0cc24596a8d9

Filesize
10KB

MD5
3bfa215035c9c86407fa0cce3cd8114e

SHA1
662f2896139d8df190ef0bc578660ce4a0fc5e72

SHA256
2deec61555812e91c5690b6f50c0664f77cc8b085e35857933532bc30ef8abe1

SHA512
50c2d9218edbb717a6237b6fb5796be80bf332c97591ade22bcdc2f1dd400a427a38e805610ad04fa583f88c745d207c82d3aeca22409f59e62ee74285ac48bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\d3da09d6-4656-4405-a97f-6e3a122f771a

Filesize
745B

MD5
67cf8d722bed0dfeeb0457080fd09160

SHA1
be8e08b93c87a88334e4ac591ded48be0db9b8ac

SHA256
402dfcb6cea16aa51b797173ef50e5c4f9a97c09ddee85ac6e2dfce058b8597e

SHA512
04d30f68fb51647c5e55fd3f9fdd789739f80bb48e5d2df93f151a86cbdbcd778523832cd43153e03d54c7537a4091aea8606d92d4484f8dc7a08f3b4ca0f7d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

Filesize
6KB

MD5
ecdf09da66165b995fb7fb5f07f2b229

SHA1
93aeabf36ba609e4867e118fe1bf6e9594b88649

SHA256
3e4ebc83ecc5e9bb180b2aaa7490deef8de502532b52668d488bc84f520afefa

SHA512
eb96e073d6b9812b47e150420ba5c87809d3adfa02e0f46d8dc5d67d4c12a1be8126f59531df283c2e658e90a507984fded883ff2882d488a560a1b47d6974a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

Filesize
6KB

MD5
38d3d17157ab0f3b2214b156f44d9400

SHA1
5aa4679a33c0730066e96e084d3ea234d55b7087

SHA256
f8068ae7559bb83c044d708a4ad5d0ffb9438e568e8ad824bb0e68d94deb1494

SHA512
3028e1279dd46a166b85a53095c87bbe91fb052e090463c1e5f398d63cf3c9b5589bb27ee9a250ab8f794c30996bff65ff500527238cf34db082c48d234ca669

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e44feeb76323eeb812d990bd711692c1

SHA1
52f9e1ea7a5006ce6a39b3814396bb9ac7a0a9ae

SHA256
6a76bf7adb74d7a3a3c58afb643c8cf86fb0fc0dd692864abd6874857f71edcd

SHA512
19d4ca1208950817be2dfc792c3bc2674d0bb2214beba54c6df1f4200fc5280d84d49e4610a4cecd7234acb66893a43cc20ab1d7ad839cffedbeba0df03af50d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a8c5126a82b01d37908207ac23be4ecf

SHA1
1183f20e85e239dee25f8a540da4941b58f47585

SHA256
142833e29b497902402b2f35b00997122e82d424e0211164345a300261a6ac74

SHA512
df1f28d2cda27469d5b625e0c77fe721e549f24fbe2baa1518bb118a3a33364bcc04fa67df7b217803d547e37c4c86ffb844f763667f5ef9567ac0f9764a9dfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
aaf7ec50cb105980cb437df434892f18

SHA1
ea366f21f24672db94d3e1ee22bc9d6c2fe74d1d

SHA256
e44f6dd44c64085d751ce4c18bbb1672970953b93ae75b17e9e93ccdb4fb0332

SHA512
e28f0e24e20077af544760b741eb3ffd27eb39c17fbe1d002a0bcd5d9ceafd96920c342281c1590d03e8e2c07922feabf224193e80a0af8b91276af6b1354514

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
55f68d66c0b6ba6314c1471fcc6c050e

SHA1
25121d41d017fcee587641ab0bdded908b4977c7

SHA256
aa6e62aa1ad5288dba775add6ddd0501420208415561e1045480472c2be2f6e9

SHA512
9274bcf0c69ebad0186de3ec6445636d880f9bdb537db2f535c57ca186deee20063eaf5340d2e0f1bae8f5fcab859ff5d8bcb67ad7793c74ae9b9da075719edc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\default\https+++www.pornhub.com\cache\morgue\176\{a6654e5c-267d-4e14-a55f-8e2b8bfe05b0}.final

Filesize
456B

MD5
4849126d62348e96de9f534891ee372c

SHA1
04208116ad7cb0edcb2c7c754042554104172d10

SHA256
92930e52c17a5e42a09f648d090ba0e48384fe2b6f4f6b3e3fc70bd8a0e6ac5d

SHA512
bd7769637a8707a21027e442faf6911019a2c731bff17fc11b9da0b74490162ea4eba2fca41942a7c114cc75ab1941f208c1fcc789bdc0a594b5ed269f6e6f25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
34c1f8f2b0b208a8a45aaef52c20dc68

SHA1
e1e380338a1c1fa620c9182c5a67cb0711a462fb

SHA256
7be1932aed2c635d0e6bed875146cd2cb8eb697c1b84fd188351b22b07230e0b

SHA512
5385946379f95378bd941f7a0ede15e0128e4de1c979dd203abacb26553a20386597d2936fb7691a1e90daa25e58b6768da7c1f260d24d757e636a8c02147630

Download Submit
\??\pipe\crashpad_2988_UVXYCTJMJTVRFSFT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit