5fcf1b063aa0933aead6cddcf5a4b126c2c040311865638e7a381335b7147d22

Analysis

max time kernel
149s
max time network
150s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20-06-2024 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aakash_Resume.pdf
Size

231KB
MD5

6a5d84f09c4225c1f3f4f80fe75a8094
SHA1

41e6fb6b7f4e9ef094a444d714f1d872ed17660b
SHA256

5fcf1b063aa0933aead6cddcf5a4b126c2c040311865638e7a381335b7147d22
SHA512

fdc63a57ad89f5a870ded185ac1f2d8b163a3963642110b3a2d25f0b81f04d630dfef8104d2d710c264e9fbe1aedb89c0e3d2aa02d8c4d11a48776f9950a85d0
SSDEEP

6144:K6ZNrAhniZp7zIHWFsKATmpQhyrDnHg0nIiarAHBfQ:K6Z5Ahq7zI2LA6pQhy/AaaA4

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	2496	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2468	AcroRd32.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe
2496	firefox.exe
2468	AcroRd32.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 32	2468	AcroRd32.exe	73
PID 2468 wrote to memory of 32	2468	AcroRd32.exe	73
PID 2468 wrote to memory of 32	2468	AcroRd32.exe	73
PID 2648 wrote to memory of 2496	2648	firefox.exe	76
PID 2648 wrote to memory of 2496	2648	firefox.exe	76
PID 2648 wrote to memory of 2496	2648	firefox.exe	76
PID 2648 wrote to memory of 2496	2648	firefox.exe	76
PID 2648 wrote to memory of 2496	2648	firefox.exe	76
PID 2648 wrote to memory of 2496	2648	firefox.exe	76
PID 2648 wrote to memory of 2496	2648	firefox.exe	76
PID 2648 wrote to memory of 2496	2648	firefox.exe	76
PID 2648 wrote to memory of 2496	2648	firefox.exe	76
PID 2648 wrote to memory of 2496	2648	firefox.exe	76
PID 2648 wrote to memory of 2496	2648	firefox.exe	76
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 2276	32	RdrCEF.exe	77
PID 32 wrote to memory of 3320	32	RdrCEF.exe	78
PID 32 wrote to memory of 3320	32	RdrCEF.exe	78
PID 32 wrote to memory of 3320	32	RdrCEF.exe	78
PID 32 wrote to memory of 3320	32	RdrCEF.exe	78
PID 32 wrote to memory of 3320	32	RdrCEF.exe	78
PID 32 wrote to memory of 3320	32	RdrCEF.exe	78
PID 32 wrote to memory of 3320	32	RdrCEF.exe	78
PID 32 wrote to memory of 3320	32	RdrCEF.exe	78
PID 32 wrote to memory of 3320	32	RdrCEF.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Aakash_Resume.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:32
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4A70B8C8678270F4660663B0F7095D51 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2276
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=286EAD0A4AE05EDEAC37BD488937F077 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=286EAD0A4AE05EDEAC37BD488937F077 --renderer-client-id=2 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3320
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D051DC0C620F1B26CE24FA54A2E74C0C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D051DC0C620F1B26CE24FA54A2E74C0C --renderer-client-id=4 --mojo-platform-channel-handle=2236 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1948
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4FC7F1FB5CC89DB3F3229C8772989F4F --mojo-platform-channel-handle=2616 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1928
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5E6416243CD76D262DB1EEB3333786B3 --mojo-platform-channel-handle=2720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3656
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9A95648679343989A5456A6CD4B6ECA9 --mojo-platform-channel-handle=2728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2496.0.906040068\2124366047" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64b30760-d9aa-42c1-b4ee-f1b4f70bfe51} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" 1784 1cca5fd6758 gpu
    3⤵
    PID:4016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2496.1.1141859860\1000374368" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5af3085-3c84-47e1-99d0-f796ece321cf} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" 2180 1cca5b3e658 socket
    3⤵
    PID:4828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2496.2.1665974672\243205057" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2676 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eadadb26-8857-4cb7-9cbc-3c243c434503} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" 2812 1cca5f5b758 tab
    3⤵
    PID:3684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2496.3.234146279\839336133" -childID 2 -isForBrowser -prefsHandle 3424 -prefMapHandle 3404 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cace31b2-175b-4cfc-afa0-8b4d17f3e48a} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" 3436 1ccaa631258 tab
    3⤵
    PID:1764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2496.4.211729338\45672084" -childID 3 -isForBrowser -prefsHandle 3836 -prefMapHandle 4248 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b49d4f38-37f2-4903-a991-56bea04bcd08} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" 4456 1ccab428358 tab
    3⤵
    PID:3820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2496.5.1038142865\1219761245" -childID 4 -isForBrowser -prefsHandle 3560 -prefMapHandle 3552 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10231b02-c422-469c-ba6e-0a98fddfb4a7} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" 3580 1cc93c30b58 tab
    3⤵
    PID:4376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2496.6.796891387\614129213" -childID 5 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65a9e476-535e-4cde-b213-f9707d36fe99} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" 5032 1cc93c6ab58 tab
    3⤵
    PID:812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2496.7.834176146\598476263" -childID 6 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e43859e2-e803-4b05-920d-752367e94bc5} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" 5216 1ccac639e58 tab
    3⤵
    PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d734a3a7775caba4290460b9bc3380b1

SHA1
4d476e4223fba965ee666c6fd1ed8f8804631b54

SHA256
5271cdaf4e9a1742675cb6824b607ca52c1b218c6af27d9720b302a2fb3ab9a0

SHA512
d6f88f23f99f5e6e84a1aca5cfabddcecdd1bbfc5bca02ea027aa5ea2e4f03c1c035b113b5fb23dd9b9eb6f32cc46cbceb1307d53ad638b5d46652abd7f88361

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263

Filesize
13KB

MD5
4216848eace7665ba231db75d4845511

SHA1
5564f54b59ba45e986355d801eb0fb4505f3cd4b

SHA256
dd05559f7373118a678aa377cd80abdaf9d9dd8c638ec0399ddcbf5d70b339f5

SHA512
913544b99f227abd987d00905d2eee4154cb0aaa665e99c775a1eeaaf734f7ca4c92ae50997ab6aa13ab7ed69746ee988d46b93c078a549d5fb5032099dc3bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
0a6b43187d3a155a8ae1680f639d2239

SHA1
00257e7ff89276b721eb87986ff2f3759634c50b

SHA256
a4e0b223aad63ce65773b0a4c3e75bf464acb4fbf865a0803550d827b23bec76

SHA512
2b7f54a376a4b5266f6c6873720a3283c78984bfc910a31b396d9a3ac409e309079a6d967a424e76a4a967bf9614e1ff07507c81a6eaf1f81404363a3ad3990e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\4c75a5a2-c571-4542-bde8-ef9048c8146c

Filesize
746B

MD5
7de3c2b6cf181b83c998a1b5bb86ac0d

SHA1
247497c67f2a913cadaf35e5fdf0cf14f5153c52

SHA256
2d26219b28a4a5bd341973ee1fc929014cc10dbdc4b04caf91296418d1f45103

SHA512
76b688bd7d4427b09f82f08fbaa305480d6a726bc54294b4577e14b1471d663b5b39ba316e02fcd64f9882923ad6d214a8a821e19751ef022a4530607fc0a480

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\ce9cb8e0-d44f-4c8b-9897-be651c7abffd

Filesize
10KB

MD5
8ee97fa94791d013b6956910c72faacc

SHA1
cd54fd5f03093df1750432f7733148742a5a97c6

SHA256
6f11b5315e76c6562e7ed23bea52050219f72106b0fefd271dff4d869212dd94

SHA512
6c0d532543320c607e5302fffd608e218d890c2e7b6ea2f3d868e57dfb9c0e34ad627e7b551dfebe3b7d7050eba2e9df7439e1e1831c295758edf624deb70afe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
311685a70278a5a1524677eb181ac6ac

SHA1
032846a3baac171a8570ba22b5ee86ee22e6c770

SHA256
68e26539d602b540c0e2f4a0470c0e1bcc382c9ae01032a489a59e5adf918bc3

SHA512
8681335322a34200051e6987efbd266f855ab5244c1d91cc62d6194b98f03db380535918601efde6854186dbd50f29d55c591e97590c646bd765141ba0aea690

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
8KB

MD5
a23a744d0b5d6446224a276ebf562d0b

SHA1
d4b9b72dc592339313b100c1a4b585987f9b579a

SHA256
ebbdd5b30181c4d5b760ed5e33c486562f228cd3c7efd847f0f2fe5c257fb821

SHA512
bd6f9b387d7e4445ae9f5ebcc5375ac10becf06a84bf980a080a6290ac511ce8fb30365e41fa8492d91a2e4349ac0b676290b110838cb05f266d93a706c3fe50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
b8edbf26233e0bae79256bd457b0cc68

SHA1
0ad06cec6a29bcc5a7c6218de55d8e6b49275bff

SHA256
6f48e576216faedee7fc12e24b92ec039edd5a46f727f05ba37470a6d5499ac0

SHA512
ec9b81dbb46201d9e404225887195eb8ab6d38d4b28a8adde470363c3f243af0b40729fc6cf14154ebef3aa22a3fec9ef96fed53dd41a779d5b523633b6fde42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
01747ae2eea4db5d8a0ff970e2201d13

SHA1
4bc37eea22c1e9d48084e7df91c0c910cac39c5d

SHA256
ebbed5785c0a7a664a10ccfa407b1060a3b0ef0ae4881e6b8974099ce15024a0

SHA512
005e5865a4a1c7822262b9bd385e95623022c8d37607fbfa2e5966c516128e7972a1efaaccb82839624156e5bfb9ff5afef37858c3aec9f4a357ab4946a772b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d2f0655ce34287f09ae20bba7438ad6d

SHA1
cdecdb21e6c653de931c72329f740b9b76fea68f

SHA256
3397f298811e45249664163f897ded00f2ecf5a46b3c34a13af8755e53d2c66b

SHA512
1220ff3f9cf4b3af039a83ea421248fdcc70f493ea9039b7ec289123e5ec1bdecfeaa4446e8ccf4902390c1c7f8d0d5edfbb1522ac164beeadc7e4b529537332

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.6MB

MD5
40eaed758e2c976b76e14aded5e99706

SHA1
d72394f885ed8f8607820fd22746571f1efaa477

SHA256
1376f86b1299a689c7f3985621a7316046ae73e50acb5de50eb28fadbedb9e9d

SHA512
d9b57c48a3080652415be21923747fc99e8e1113e31e114ad6d159638b78a4cfc343ea5c9f7b01bdecdf0ede481f4f35715d6bbd4b4ce543e6a2f0cd64d80935

Download Submit