b4260a647d6db5b7c26bccbaba6455bcff3d7abc6d5740f1b35bc9cc6fd70bc7

Analysis

max time kernel
148s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-06-2024 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

2KB
MD5

15128c654f26eeb6b61baeae5b3d6f59
SHA1

c7a18064faa7a668fe31ea8625d72a531783fdf6
SHA256

b4260a647d6db5b7c26bccbaba6455bcff3d7abc6d5740f1b35bc9cc6fd70bc7
SHA512

5d64eaaefa7508e9909b52e6dd30fe20fd456356be596ed416f4b5b6b901f2c7a2dcab76d5de5638604c0c4519d9802dc6813c7c4f972d5f9b683ee527db4ee0

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4236	msedge.exe
4236	msedge.exe
4480	msedge.exe
4480	msedge.exe
3348	identity_helper.exe
3348	identity_helper.exe
6988	msedge.exe
6988	msedge.exe
6988	msedge.exe
6988	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
660
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4480 msedge.exe
4480 msedge.exe
4480 msedge.exe
4480 msedge.exe
4480 msedge.exe
4480 msedge.exe

pid
4
4
4
4
4
660

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	2796	firefox.exe
Token: SeDebugPrivilege	2796	firefox.exe
Token: SeDebugPrivilege	2796	firefox.exe
Token: SeDebugPrivilege	2796	firefox.exe
Token: SeDebugPrivilege	2796	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

msedge.exefirefox.exe

pid	process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

msedge.exefirefox.exe

pid	process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

2796 firefox.exe

pid	process
2796	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4480 wrote to memory of 3400	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 3400	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4320	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4236	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4236	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe
PID 4480 wrote to memory of 4100	4480	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718
2⤵
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
2⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
2⤵
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
2⤵
PID:2440

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
2⤵
PID:552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
2⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18361334884748788776,15927564506405122693,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.0.272561494\959304722" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38ff4028-f06a-4d7b-80d2-42c3a98e183d} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 1868 1bdfff0cc58 gpu
3⤵
PID:2372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.1.1649181781\1488071523" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f26e79d3-8be6-40b0-87e6-b1f8aa454277} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 2436 1bd80477b58 socket
3⤵
PID:1948

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.2.26103850\1403813617" -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12e09ca3-6160-4c83-bf20-bdd797cf326c} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 2976 1bd82e13558 tab
3⤵
PID:872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.3.1735393914\2123149446" -childID 2 -isForBrowser -prefsHandle 3980 -prefMapHandle 3972 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ba19dda-c0e6-45e7-ae2c-c105a6f382f5} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 3992 1bd84ee1858 tab
3⤵
PID:3632

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.4.2102530848\1483394796" -childID 3 -isForBrowser -prefsHandle 4912 -prefMapHandle 4908 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36a36e08-5087-4ca3-a3c9-577f4ff49e7a} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 4924 1bd86face58 tab
3⤵
PID:5272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.5.1829464513\1192244629" -childID 4 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8275a7a6-668b-479d-b9e3-c2da63a25bc9} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 5056 1bd86fad758 tab
3⤵
PID:5280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.6.2026437439\736219995" -childID 5 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {836e1493-56bd-4a19-88eb-974b8cfecc24} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 5252 1bd86fadd58 tab
3⤵
PID:5288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.7.2045694814\1173471097" -childID 6 -isForBrowser -prefsHandle 5072 -prefMapHandle 4924 -prefsLen 27771 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3140a475-8e33-428c-b276-791ceafe180c} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 1544 1bd859fdc58 tab
3⤵
PID:5584

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
0d0eaac24a3843dbbb36a547fa479b24

SHA1
f2bb80633f0799830c20eeb3785887e91678fe3b

SHA256
8516a165a512fd6666b5e834a2f997c88db325e821b27df5321c42ecf1753f92

SHA512
49d29c764acc11ee2a1f214952922f34de0e81b0c7787b86c416a6613b7f9865c67851176cde8ed2ee10599e3bc89ee5176909c3ba0f7523d0bdd954ecc1afb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
bb424577a9a8552d77e18cb5c79be1ff

SHA1
48d9e4197b01be61e4e765a0d2ea8947e9c55886

SHA256
435a40923bb0719101f422b635b2951ced54989e25857f66d3a4ec250c49616f

SHA512
2168bc6b4f765c0723a78b802f8cba6d49c8f63c4017ac1b4ec5cd43fc73ec85f4f1050445d86e33bcf3b342514fa5af627351d51c9bcbdb4ca2dfdd494d48b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
ac12fbdd2dbc03bd18cc85b43fce9684

SHA1
7bce065c640b6e0caedf961d5710a48e0f6f082a

SHA256
2fe14d4c8c509505bce2a80449631c78312280440020c1bb75c346013fb4ecaa

SHA512
d340e8b356340c50da9a9876d166c59e8971e60a708fe329581ab8366a86afb47cccb7abf4d8d875b0a82d86b9e9ffba1dd6733541e8f7c10143748645aaf3ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp
Filesize
23KB

MD5
9f05ac59e4a1693b29b5ef4d20921735

SHA1
69f667226b467f2182a7e627c70d483d74097415

SHA256
69fb873e40282e88aa2b7a7cf332c4f087379f78564b271592daf1b81652dc11

SHA512
9bd4237362c379fd6386755e4cd16b69786b59fa280e0ad476df84fe1927912c9dfb4f09846655bc50998869283706bcaa414db9839f0f3145ef7d51a0a36437

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
Filesize
7KB

MD5
c3e469b6377c9344279f39760d4531a2

SHA1
4dae97ecde1184358a2066a460b6b198d485335e

SHA256
f0d451f83ee36450942a3564819ed164725dacdda15108cbb2dbc22b2b34384f

SHA512
006027f9b2d53d5a5f4c53cd95ed719a6c4848582830074b81ff9742b090bc9072a959a76d31f1ebf3caf5796286badd0d03d4cb99caeaa61d6c5c49ca6c0a06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
Filesize
8KB

MD5
51c7b8b9e4f591c993861988b089eade

SHA1
64d11345b6fc6183b9c9be4b9c6ed2aa0028e886

SHA256
ace8238226e96d431ed1a6ca9c287a3b6d5dcebf2ef5ace7dcfee4711f6140aa

SHA512
4fb39d4fcb5083785f2350e16277f076a51b482a82dcf204007c6358b710b35b37687e7267e674651c956d35e6407f6fe6df3600f135d27608ffd2fc07e72eee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js
Filesize
6KB

MD5
32d104cb6c1a2a5418d31c20a0c57db7

SHA1
c46dc8e4f9bd5ea95510dc6e7d590d0486b2fad0

SHA256
0fed42ebaa10c24e09391cdec82d2a27fa62660c9522d72365e67f18d0eacbc2

SHA512
b618e4994408f9dbd475bae273bc48f2be53718f1c7370b906a83abaf5818bd20def50c3e2520717022256f937e585684424b5108ca410819bebd33f6211c6f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js
Filesize
7KB

MD5
9166423aed7d5494b99d6657aebdd2b2

SHA1
a3a1ae2de1c8faf2ab87c3cab7fba74c405729f7

SHA256
4f9ec5b7671d0bdfceb1f7dacd9238a2a4b9c891fec68620d20d47adbb13fd44

SHA512
cc67ebc4f943b712083f7961e262eed53aeef84d6ddd9a849a5307b6fc466ba898eac7348150b387c8b9c415d69d7ae8f14e1a058e7021294acae32adb8a35a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
fa25cb1ac9a271f5caf2e8e202027fe8

SHA1
d218f86e37c00af6cd49011277aa129971e37468

SHA256
7f0099a1bbedc6e7297aefe925be810e3a524361eb4d240fd4c6d03f0682963d

SHA512
766e541e448424a471400240673f7f271351cf08f5d4f4bfff8816229f88bc6cf1b438eb4a28d27617543b6d0c2dad0286f0333392a1f1de685b82b11e8b4109

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
19b4cb0b4437a038b3b9af26f3e4cfbd

SHA1
5254be36df62e51c46ed2a2387ceb84e54136f2c

SHA256
2fcbeb001bfde2f42c5ae93875940b2c2a72b81d7b93c8f6b81acd8eb080bfba

SHA512
c9bd8f736e2939f80ebcd583268618396585127fbdb50cf0443de136b6785a7533d2916b9b90a92eeb55376323b07d25dcb74107baa2c4b56af04f00506d8bed

Download Submit
\??\pipe\LOCAL\crashpad_4480_SUBTBXFXOFZUJEZZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit