Resubmissions
19-06-2024 11:20  240619-nfdfsatelm  6

Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 19-06-2024 11:20
Behavioral task
behavioral1
Sample: mig.rar
Resource: win10-20240404-en
General
Target: mig.rar
Size: 30.8MB
MD5: f5a74fbbe227e97606196d2ec04b6b1c
SHA1: fb859eb77b7b336469c0e5e9535de3e765aabaaf
SHA256: 9d2c6becf74342dbe3b00ee4f0e01aae146d3ae54ee89058c56702ef0487ccae
SHA512: 8a1b1544e23b945d3770d375dcbb740b8b158f0b270d4ce89243a142f1e4b26607565040480d748fad5a5c8753a6bf009f3e3042b1ceb04e8cf6230a04852c27
SSDEEP: 786432:2PLsMBwJl1ek7ErWRPLsMBwJA6hd2NtumPTh7:MA3eRrWNAAoajTl
Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry (2 TTPs, 13 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: firefox.exe, firefox.exe, firefox.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe

Modifies registry class (4 IoCs)
Processes: cmd.exe, OpenWith.exe, firefox.exe, firefox.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | OpenWith.exe
  Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | firefox.exe
  Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | firefox.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes: OpenWith.exe
  pid | process
  4900 | OpenWith.exe

Suspicious use of AdjustPrivilegeToken (5 IoCs)
Processes: firefox.exe, firefox.exe
  description | pid | process
  Token: SeDebugPrivilege | 4920 | firefox.exe  (3 entries)
  Token: SeDebugPrivilege | 5012 | firefox.exe  (2 entries)

Suspicious use of FindShellTrayWindow (9 IoCs)
Processes: firefox.exe, firefox.exe
  pid | process
  4920 | firefox.exe  (4 entries)
  5012 | firefox.exe  (5 entries)

Suspicious use of SendNotifyMessage (7 IoCs)
Processes: firefox.exe, firefox.exe
  pid | process
  4920 | firefox.exe  (3 entries)
  5012 | firefox.exe  (4 entries)

Suspicious use of SetWindowsHookEx (34 IoCs)
Processes: OpenWith.exe, firefox.exe, firefox.exe
  pid | process
  4900 | OpenWith.exe  (29 entries)
  4920 | firefox.exe  (4 entries)
  5012 | firefox.exe  (1 entry)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: OpenWith.exe, firefox.exe, firefox.exe
  description | pid | process | target process
  PID 4900 wrote to memory of 96 | 4900 | OpenWith.exe | firefox.exe  (2 entries)
  PID 96 wrote to memory of 4920 | 96 | firefox.exe | firefox.exe  (11 entries)
  PID 4920 wrote to memory of 2836 | 4920 | firefox.exe | firefox.exe  (2 entries)
  PID 4920 wrote to memory of 4216 | 4920 | firefox.exe | firefox.exe  (48 entries)
  PID 4920 wrote to memory of 5056 | 4920 | firefox.exe | firefox.exe  (1 entry)
Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\mig.rar
  - Modifies registry class
  PID: 4152

C:\Windows\system32\OpenWith.exe
  C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 4900

    C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\mig.rar"
      - Suspicious use of WriteProcessMemory
      PID: 96

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\mig.rar
          - Checks processor information in registry
          - Modifies registry class
          - Suspicious use of AdjustPrivilegeToken
          - Suspicious use of FindShellTrayWindow
          - Suspicious use of SendNotifyMessage
          - Suspicious use of SetWindowsHookEx
          - Suspicious use of WriteProcessMemory
          PID: 4920

            C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.0.1734048347\1363539524" -parentBuildID 20221007134813 -prefsHandle 1644 -prefMapHandle 1632 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eab50d3d-9b5d-44eb-9f4e-2b66ceeab2fe} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 1736 2584d505f58 gpu
              PID: 2836

            C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.1.33854124\1733839865" -parentBuildID 20221007134813 -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aecddb17-8955-4e66-ab05-1794c12019ea} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 2128 2584c30cc58 socket
              - Checks processor information in registry
              PID: 4216

            C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.2.190135427\720124301" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0ea3816-d383-490f-a7b3-14a7c16bf301} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 2972 258504dae58 tab
              PID: 5056

            C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.3.1515027975\1573237792" -childID 2 -isForBrowser -prefsHandle 2900 -prefMapHandle 3136 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52092e34-2e40-4cbe-b9cb-502695097025} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 3580 2584ed31258 tab
              PID: 4548

            C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.4.1292218975\1584590949" -childID 3 -isForBrowser -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a796db9-0566-4767-8d0f-f288bf6d908d} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 4952 258527c3258 tab
              PID: 5060

            C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.5.2082575786\1465545882" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f6b950b-4b18-4aba-916e-98be0f9e5d18} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 4980 25852d60a58 tab
              PID: 1772

            C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.6.1262219947\181371767" -childID 5 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0c749f3-91e9-462c-89ff-4c547f37b3ef} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 5260 25852d61658 tab
              PID: 4132

C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  PID: 4908

    C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      - Checks processor information in registry
      - Modifies registry class
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of SetWindowsHookEx
      PID: 5012

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.0.548709657\432600519" -parentBuildID 20221007134813 -prefsHandle 1588 -prefMapHandle 1576 -prefsLen 20871 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97399c98-6da3-4f60-acb5-f22b6a3aed7a} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 1700 175d0cfb958 gpu
          PID: 2284

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.1.1933307694\606107590" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 20916 -prefMapSize 233536 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8739bb71-c330-43c3-aac6-94aeaf38510c} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 2000 175d093a658 socket
          PID: 3808

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.2.1586821445\1323031595" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3000 -prefsLen 21377 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead71206-55c6-4525-8b3a-bb7a645ad093} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 2652 175d46cab58 tab
          PID: 4980

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.3.1930198894\347114784" -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 26555 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb71f876-c24b-494e-a026-ce8819599a7c} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 3488 175d47be958 tab
          PID: 4416

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.4.2135217086\211353119" -childID 3 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83da8077-5927-4ba4-8e6d-c5eb8d10b3b6} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4360 175d6faaa58 tab
          PID: 4728

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.5.300875890\1092511026" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 4988 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f4ed84c-9743-4e1b-a69d-643821cb52c6} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4948 175bea5f858 tab
          PID: 1188

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.6.864033129\357177316" -childID 5 -isForBrowser -prefsHandle 3476 -prefMapHandle 4872 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87f10de7-fb79-4f61-bbc3-f5aedfc54697} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4400 175d7bab858 tab
          PID: 4904

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.7.2079774976\581414487" -childID 6 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55dc869b-da4f-44fb-b679-c49f3ee6f08b} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 5180 175d7babb58 tab
          PID: 196

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.8.938767015\1311018856" -childID 7 -isForBrowser -prefsHandle 5528 -prefMapHandle 5524 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cb33fcd-294d-4c41-ac13-a39c8fbd989a} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 5540 175bea5b558 tab
          PID: 5044

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.9.110112706\1650064580" -parentBuildID 20221007134813 -prefsHandle 5532 -prefMapHandle 3244 -prefsLen 26879 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c373c6c-e47f-4c7b-83df-8f3800c9b779} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9872 175d592e258 rdd
          PID: 1380

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.10.604370340\1147046307" -childID 8 -isForBrowser -prefsHandle 9508 -prefMapHandle 9512 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e034efa-edfc-4ec5-8e32-834d94417ac6} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9500 175d89c2858 tab
          PID: 5072

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.11.408371872\1923070658" -childID 9 -isForBrowser -prefsHandle 9500 -prefMapHandle 9484 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfa1d075-8ef2-40ca-9520-2124fc720cf2} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9336 175dae96e58 tab
          PID: 4756

        C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.12.1997064004\1240957416" -childID 10 -isForBrowser -prefsHandle 9156 -prefMapHandle 9152 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f09542c3-a83c-48e8-968e-c84ae5e49f7e} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9164 175dae97758 tab
          PID: 2152
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
Filesize: 9KB
MD5: 2a5d991dbc7939a7f05d6292ba1b95f6
SHA1: 3c0a66a7556cb4d4c7ae0e850070704d50ca0187
SHA256: 2f367158dd88b014d21cbbc1a8b6f1303dab478ab5b0c1323081e7c3dbea1dd8
SHA512: e8214a6f7f13db4e378236e54c3670003b8b1e6d346ad95814dcd9cee0b0cbe64dca3117b37f4650197aee437946a2bdbbe15de682f1890492287782c98b50c6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize: 11KB
MD5: cd6beff75cf34f10429b1699b254c2e3
SHA1: da40ee47bcc201b301bfff7f9141e31edeba9185
SHA256: dbafbf64c69592e0b06a7f3d40a309d80fbdd4ef88cdfe61e2562ce6abcfc1c9
SHA512: f4c85bc31a8024256b18dfcf1a295ffc3ab2180d1a7061091d174bf4f0ece6acabaf7b2b34de740ea1be45c355597876501c247266138f32ff6571d5f7b165bc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize: 13KB
MD5: 63376b50631f9a4968eb6d2b9c6a4938
SHA1: 378d22ff8bac83db73c2143c8f617c0e706f59a0
SHA256: 6aaffe0d1a052a10ca93372065cdde06f9aa13e691ac0219b5cef0ed34309255
SHA512: f44b646653d117392ce1058c42ae66945ad367dc1838d1fb1b3d2d4eb96fa3909fffbb9aecf08fd1e138791eb973d07de5b8bea370a4a5c366a3cf1a499e7a0d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache-child.bin
Filesize: 458KB
MD5: ba124be5761a8fbe221625fec2d7ee84
SHA1: f8617b00ee3c0d312c28852369da1878d564ad73
SHA256: 2f4592abf022de009ea331c95b31ef760e78efa67b20c7d66b054e8914d027dd
SHA512: 53ce61703079932f08d881d51daa75f46a808b1ce64c1c0c85d56b6af2e6922294ffb7245ffa6375b8106ffd6e9750612f1ce53b97d955e792a707a2c277cbeb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache.bin
Filesize: 7.8MB
MD5: 96a3edf9bc4f7adfe3a36c81bfa326c2
SHA1: e7dcba185cd5b1db12e407d1bc6123c1519df15f
SHA256: deb057a910e0c0f33f841d236ec56e197224eb6bcf10f8f702f8cd488fa05f1e
SHA512: ffeea7557ad6ad612532fad25a4c29e5f3136e8316a66c50bcb8a11db24f59f3e250aed01caa304877fb21b054653c5885ec8ecf8bbc85e2216ef99d083f395a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\urlCache.bin
Filesize: 3KB
MD5: 78e9bde83fbbd72e2404532880b2b473
SHA1: 0ce1a50e320f9e019ad2e9bec8c8e32a710a2bb3
SHA256: 9ed3efe6ae9073daabdae60d35cb57276377b4106d6e33ff75c5754a62e7e33f
SHA512: 83aa93970a39209a876d37889f4e8e673578055a6798b586565e030850ac7cbe08ed4fe09a702ca7171653c9ea317b058157b12c037d0e08402d2a50186a9167

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\AlternateServices.txt
Filesize: 163B
MD5: d03fe0ce1a5907cbb8a6904c15cc53b3
SHA1: 363cdc58a832031aa533f2ce6f4f50a8aa8910fd
SHA256: a5b8fd4d4720329e6875bffe183a39bcf9612cf1b784c888a8665411e1cd8ac3
SHA512: b4ac52688dcb4402161c26b572741a69d819abb92f509194542f327d0edfb3af8037d98f92a2e245d2dcaccf7c920d1aabfeb28772bfca7d6f034be843b13e65

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\SiteSecurityServiceState.txt
Filesize: 324B
MD5: 6ab17f83f6a990949a2670330ecd5335
SHA1: 4ecef939aab21b9f1be25b44d89a2fc284d89d9b
SHA256: a937bb55b3c88e94907be287244fa132b10e15740a078e29ac9bd2382d792603
SHA512: 3d3bb66cd0584c5e1c814b6a69cf1aaeb9194fddd20192029f5137cb94dba9a26fb5b6e4b25030c510f037d9bba8011283052181223f01c22aff9bfcedeb2508
Filesize: 224KB
MD5: ae9be5ecea458a0a5d7a48c997db7f67
SHA1: 2bf3217a38c6a2471fd727aada9b352b42ebe79f
SHA256: a7ca2edb552a6754ce7be3dbb4e1856b5b0bd00bcfb88b16ca78bb04e8d4359e
SHA512: 43e9a2ea7ecadc0b2a1e720f4a9e698ddec9486849725ac428867c695624300b74a580bb4bbd63d87a9862460cb37aa173133679e7d8d999de97e9446f82d362

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin
Filesize: 2KB
MD5: 2648406df869daf6f7b0b63c228aacd0
SHA1: 99a181bbbb8b3d6907cfd04c3d626584c345ab95
SHA256: 238ce1a280c329872b7ee1fc3c8791dc82dc5614cfbe2fa4896cc966e356e486
SHA512: caea151d3dc7e11fbb6b2b3c656bf4c2ac43869cf595f716f6310293dc47991234f21314e76f0d1e216516e1f61c144cd738ce055e06dcb81d96512371355424

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin
Filesize: 4KB
MD5: f3aa0d48ba52eb53fc74832aab250ff2
SHA1: 676e739b686e71258805dfa7610d63befb353837
SHA256: 2467a71f47f7d793c56dcfea267a0cfe0c3f342f082b48abe77aa2d7e0b192d7
SHA512: 04616ba138bd5c459c11c92d5364237977accc9159b1f4bce2cd5b976b6e70eb65ce1ed4d1e7e3e5c8671beb9627369676207254a0fa05caafe645529f48abe2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\58a5a68f-a2d1-42a3-a9c7-559818c05e4e
Filesize: 746B
MD5: f88f4a42d763e52d93e8e2d04e809134
SHA1: 0f1e3b262f08f9101d981a9900bd7e977db7bf86
SHA256: 726cd0bcae54c4e5823fe4b25116ee07b3f08e55d26a1c3f69f55cef1707478c
SHA512: bf339c5829b9147ba1c807d3dca0a4c3a8869151988f88deca1c08ab3a5eb126d294281c6ca5c631e7af7a8c69b908554143e84ac8ae3a2ade2c4c102d9ae615

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\79b410de-f328-43f9-a464-e5e033913f8f
Filesize: 657B
MD5: ff1234ca66cfa93e9695d738992fdaa9
SHA1: e0629bbaa1b28c1a9bd6109908b9fceb55e2ff35
SHA256: 0f57d2ea75c4b4d30845fe3510c76f46c234ab2f21ce428aa828860b58e59370
SHA512: 6571c6345d28277d88636e3fdaf1b3efcb133ea19db48479b6ad1014ad1ee8108d82c187eb03da639cb7d0f10584a8b4c5c7a3b3c3349f4ea539ccc635ba0fbd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\8590be2d-85e5-4b05-a2a7-12344350c942
Filesize: 10KB
MD5: a6859621859e17dd64da3693e597f864
SHA1: d5ff0388c89ee08690c7a478b5dad98ee0bbf672
SHA256: 294d622bb5b9cf29ab9c4439cdc10fc0b6288069b10526d7c6d86db34c3035ee
SHA512: 8ff4d5a3b97a939f7c066d5433f47f445234f8179f36b40cb4cbbd2ea33e6e8070e2c624ababb2dd565255c09491cd64a8672a43ae7f4f02d848e4aacf72c899

Filesize: 5.0MB
MD5: ebdc8a10755644311b89fd4ead0bbdec
SHA1: 8762835c61375df637416676d56e5bd5797c10c8
SHA256: 2d0f5cd517d899f2373806e16fdfd9757f094dcad61a2008e21380da4ca48692
SHA512: cf74f53c660a582d8bb40afd3d31bc1a6ce0ae57b98dfb95569fcc1167634f4af429ebb54cb81f08472071d7643f1f888cc8694c8e0849bec73b097792e00004

Filesize: 6KB
MD5: 883e26bb5ae3aa94c1f7bd4314dc75dd
SHA1: da17c67806fd00e07845ee95d9950aff49267b90
SHA256: 8adcfb82f660d2ae736c21141d4052c81eb192a7fcf3fc3fc9e2a13f7e52b98a
SHA512: a671b1eba634cd6e659d8c01d22d115629b79bed6c819e63fb2c0492cbd15b031cd11a778430b2e795852f48fc170ad0db2af6a76dcbc51afb419210fe61f64e

Filesize: 6KB
MD5: 9f2e29af97c337b0a1f75a5f0db7daa4
SHA1: 233d14f0e1493da4ec54e6d558be6771e570d8ff
SHA256: dfa1bdefeba851772b9140bd9e8e9aa1b575913ba67d44f7eb54ecf96bdff488
SHA512: 3c22b987e300ee3cae283a0930e89ce153cc782ca4a66bd895587b2f143caa459fdd91f65ea3e5942c968cd3b8e9e68f3614c172c0612d52d359e27d667d7f41

Filesize: 64KB
MD5: 49397db0486dc59d607907a086f40c9b
SHA1: 08742ce9db9569062def08e99eea8470702feb7d
SHA256: 890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4
SHA512: fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json
Filesize: 288B
MD5: 362985746d24dbb2b166089f30cd1bb7
SHA1: 6520fc33381879a120165ede6a0f8aadf9013d3b
SHA256: b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
SHA512: 0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp
Filesize: 53B
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1: b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512: 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp
Filesize: 90B
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1: 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512: 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 1KB
MD5: f0cbd46100f12c56d8fae2f9d68976ef
SHA1: cc8681b77cb8d185631f8bbffd84ee447ad9fc3b
SHA256: e65e95fd4378d074c2f09c86f28fb2020a3a3858715f1752dde4fd95691811a1
SHA512: e9268459109f91baf4d62bff8eb1de2acb8afc2f355f19101037b9352b86c53278c3e0a9264d8477084c22f57cd49c4e93f147e990c94b56e704b49da0c3b870

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 1KB
MD5: 7b66e749a31e901f28bc02ffef78598a
SHA1: 7bed739f790ceec0d223c1d65c0b2c947dbec15d
SHA256: a6468655a8c0f59a376c0937ab41dda0bad13fbd5416e57f8cc108a23330d469
SHA512: e7ea963473b66b4403854656649e883d810878017f3e70740a8501e43fa88851c8df084df7216c348fc2a844525149ed8f0ba0e0adc875e4e1cb224865e20d8a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4
Filesize: 647B
MD5: 1daab3344552b1029d2dc64e281eec27
SHA1: 4314979740f3b938ba0f903654762649bb1eb57f
SHA256: 038385794b27bbca12a2c46f60d2a8bc65abe9e302428ffa72ab4dff3285c35e
SHA512: e5dc5a45759979c22e6df2e887559aa3a49fce194d0c99585c141dc30a91b50e5f885feab23a6a3a3481042386a78d188c57a93784763b432c8d80385d5019bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize: 48KB
MD5: 14ae155c2e864ce7c50f42c2724cd2da
SHA1: e487403f5dcdbc3228ba7c7a817e33eed9a5a521
SHA256: 4db348b54f151afda5d1d155de5e576396a84f6086c7a6ba6ebfd72215296d7d
SHA512: 143541d02fc58e1d79efa39392dab83e8d595778858c7eb27b6ea1479324c9034d883b16635ebe379c75afaa3e843c7e6df91f134985a6c2e6462e46db462c5d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize: 184KB
MD5: 3018d1aad8385b734068dbad441e344e
SHA1: 2a3925bc92ec843db64b6db2cd6fe18ccf084a86
SHA256: f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88
SHA512: 7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize: 184KB
MD5: 1eadee17eb5170b7fd19d16f83948ee3
SHA1: 1df425538a67802680339e4cd3e1926c7c39ce9c
SHA256: f060c3546dd41785ed96b74fd8572193e51c8fdabcbcbd7b99b797e638a85737
SHA512: 9e080d3c8068338266d6797e77dd9e120d45b42ebe749bad06b6f2ce65213de529ad4510337670ef82713373abd9f6f6f8639b62b7e403f586c8fc5b8d55cf19

Filesize: 217B
MD5: 58e240288763218d12bf235d34e5aee2
SHA1: 89135494b57f590011c09668dec3b90d2c5ee9ae
SHA256: 615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176
SHA512: caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936

Filesize: 30.8MB
MD5: f5a74fbbe227e97606196d2ec04b6b1c
SHA1: fb859eb77b7b336469c0e5e9535de3e765aabaaf
SHA256: 9d2c6becf74342dbe3b00ee4f0e01aae146d3ae54ee89058c56702ef0487ccae
SHA512: 8a1b1544e23b945d3770d375dcbb740b8b158f0b270d4ce89243a142f1e4b26607565040480d748fad5a5c8753a6bf009f3e3042b1ceb04e8cf6230a04852c27