a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239

Analysis

max time kernel
143s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
03/07/2024, 16:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SolaraBootstrapper.exe
Size

13KB
MD5

6557bd5240397f026e675afb78544a26
SHA1

839e683bf68703d373b6eac246f19386bb181713
SHA256

a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
SHA512

f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97
SSDEEP

192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
13	discord.com
28	discord.com
40	discord.com
1	raw.githubusercontent.com
3	raw.githubusercontent.com
5	discord.com
11	discord.com

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644976550977964"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1156	SolaraBootstrapper.exe
1156	SolaraBootstrapper.exe
2280	chrome.exe
2280	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1156	SolaraBootstrapper.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
3168	firefox.exe
3168	firefox.exe
3168	firefox.exe
3168	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
3168	firefox.exe
3168	firefox.exe
3168	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3168	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 1740	2280	chrome.exe	85
PID 2280 wrote to memory of 1740	2280	chrome.exe	85
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 3084	2280	chrome.exe	86
PID 2280 wrote to memory of 1900	2280	chrome.exe	87
PID 2280 wrote to memory of 1900	2280	chrome.exe	87
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88
PID 2280 wrote to memory of 1920	2280	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffbb6bfab58,0x7ffbb6bfab68,0x7ffbb6bfab78
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:2
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4848 --field-trial-handle=1756,i,9202442936848997200,8967106853635080410,131072 /prefetch:1
  2⤵
  PID:3500

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4960

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4576
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.0.631541485\2034358778" -parentBuildID 20230214051806 -prefsHandle 1764 -prefMapHandle 1756 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dc8157d-c6ba-485d-8639-6d2779aadeac} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 1844 274f5a0b858 gpu
    3⤵
    PID:4912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.1.442022870\1208390156" -parentBuildID 20230214051806 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e633422b-958e-4c98-85f3-7c83224df6f5} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 2372 274e8c84d58 socket
    3⤵
    PID:2548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.2.1241464809\2074567939" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2964 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {492841fa-4fb2-45d5-862f-516716631262} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 3004 274f881c258 tab
    3⤵
    PID:3984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.3.73780570\2111159879" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05118540-e8b7-4279-8848-8d7be2191f56} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 3564 274fb518b58 tab
    3⤵
    PID:4248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.4.2029615318\2026914082" -childID 3 -isForBrowser -prefsHandle 5136 -prefMapHandle 5060 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4a589db-26a8-457c-a443-c846bd2fde3c} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 5152 274fd2c8258 tab
    3⤵
    PID:3100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.5.1901825402\2014018088" -childID 4 -isForBrowser -prefsHandle 5296 -prefMapHandle 5124 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b97afb9d-1599-4df4-9747-5f29e9c31651} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 5284 274fdf8d058 tab
    3⤵
    PID:1676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.6.1681422974\1708814514" -childID 5 -isForBrowser -prefsHandle 5564 -prefMapHandle 5560 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1572fe1-7d4a-422f-8ca6-e41c0198e28b} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 5572 274fdf8ee58 tab
    3⤵
    PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.7.2088259207\6350021" -parentBuildID 20230214051806 -prefsHandle 4984 -prefMapHandle 4980 -prefsLen 27695 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {316372d8-e350-40e4-b161-102a60bce6aa} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 5924 274ff4e5958 rdd
    3⤵
    PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.8.654390452\1292985197" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 5284 -prefMapHandle 5316 -prefsLen 27695 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce5a1eb4-afbc-492c-a557-96eab9ee6be8} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 5908 274ff4e5358 utility
    3⤵
    PID:3172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.9.1472742842\2144298525" -childID 6 -isForBrowser -prefsHandle 6240 -prefMapHandle 6236 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13fe12a1-7c15-4ff7-8f77-b4e52dc00723} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 6248 274ff98b858 tab
    3⤵
    PID:476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c4badb093707fabbe7baeacb4d261c0a

SHA1
578af5447876cf4c9c36f7f4713d094df697729b

SHA256
3b11d981dd4ebbf1917f8799d42a0908d1a3bdc4e74990cb125639538f509605

SHA512
789c857e384bcd8f5df8f98609b4257e59e4ee34199229a7452b4e712ca2ea2187b9d13b7b4e503845f3973153ffcbbdefbc6f5d16030086452092ab8b0668f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
070bf5e882abb800380fda44fdb059b8

SHA1
4e52a56260a104ddf43129df36316348de6a0781

SHA256
2485e74d07d05e7d9fa3c02a50fdd7b0084e9e7e3cca371a8a7d77a62006e9d0

SHA512
9df12e6723ac4189d26a1ff3e54a2e542c28291ef11b08a0ba5f6f36380ee957a348a9ac5e75fca37384b04ac95b20b4da358dd0e313e24e0ca9bd2264023eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b53b204f20c16097d88cf211db2037aa

SHA1
9404fa690651a3e7cd1bd0ddabd73bede9eaa58f

SHA256
4755b201fba5164895261042c06d78839ea024337ab0e03b78e30bac85160f66

SHA512
2509b5c54591ce2aa1831aaf7d1b2fd97bfe98b2c958d867faa79b1ee94d472879f4b25f2d0dbf8473b3c7e9b42c95a7072f990959968582285f9a5a18ac4c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d05e41f97d870f55c6d5905811af033b

SHA1
6c1a07058c0e10463b2b7739b228143b576dd60d

SHA256
02804a2b324859667954c91a99c974a99ae378da0db9f05807c90397951ce7cc

SHA512
edef633aa356ddb70773a7951a37c04bb6472d14a1b32e950d236ecc0b459eeae3d4b0212710f2b8e2dd4a1ca5164aefd5fa4ee66a91f2cc2fc054a6b116b240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0ab4efeafb93a5cfb0084ad057b58f84

SHA1
3fa800706a697f0de1e6dc28ea93f7a93d5f941b

SHA256
58ff250e4ff7abe8357dfdf79357d2cf76c528e7b9d42203f9ff7872e5c26e39

SHA512
3ae81a1f5e1b0e096f70752db8c0c7c888ca9d06b3db3608735ce1bd634f56e4efd8056b1608a1ff111f011a239b7acf74c5a57312a1054c7f97f4e13a587428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
46ecd7c8bf1adb5e0a029d659865b519

SHA1
5b1fe48090bf76d9172ff6072df10043f7131425

SHA256
351c7f33eacde0760b144db365f6838d306f6625759d1b86a800c88b21f2064c

SHA512
c463cf9b87f9423099a8843ca753aea563a6f933da56a4c5ed042e3b8a00d689d1bc894b7fd27d07020f12a9d7fd4e99d6bb3135fe573953a471d68ffc8c14a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c21ff80d93cfc325a42627f44ead4c66

SHA1
f320b48c9ff7b88109f5995a737f299c3526236f

SHA256
acfb8e9e2d2c5102a79e0d3df29b69e43b80e0c8154d86995e28e5e8d35ac080

SHA512
14377d7eb590005dc3600820b7249a20e88aff06ae62e27cda460410fe6adc9a53b9b8f395fb0cde64028d4353eaeb03ae94236fb248afa1663aba33cd57b9c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
21be2c873edd95d7797988b8ee4e3053

SHA1
0eeb75678c02cca2530daaa8a3f52217bbef2ffd

SHA256
2f8940eaf65282ab91c9c115c7673f1a2cd4a522f2c4637a31838e635232355c

SHA512
08f67561eeefed25029db296dcde72e31dfde047a2ebf104580d47443b21127b17660df130b0f2c1fa3ca78291ab443db0e0525e5d359d81997c4663afd476ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f77ed55305297e7db87e141d9ddd047e

SHA1
b99568a595de7ecdbad664bf029d31c52d1a6f38

SHA256
c69f1a9ef18188ef63081245cf24809cea505bd5a005e333748f1c71dc92010a

SHA512
e78737c7b262dc4dbd504acf3e4463c26a2e69fd0da9fb35da1d363b8910eb46d1bedcc1ce52801ba338fc97b8281070d78be89af1047e23ce4ef4b15e80bddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d5533ce6a429a72ca062bbcc6d70fc9b

SHA1
ec9f9403a0991714a4f2b91aec6a03241fda8ffd

SHA256
5a2289f61cce2ce35ee3efaea39f26306d48ae40b2bba30b612de11b7ab02adb

SHA512
f59b34f55c20c4fdaf5560f7a9c784270d8a721283b63d39474c9e310a556a1d1d3559c9e72b63507f88bf737094399587e569e288a753f4e63928dc8c6eeaa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
03dd0ce87828a45e41f152ea9f622851

SHA1
41af882fe16eccb7b3f11c574ced090a6a047d84

SHA256
e5c71214253de06fe435a40c6b2fdf83c8384dd373092ab45e8ce918a152f79e

SHA512
623be485fa764bc1c34d28e4f9705adaa8d0299062f28998d148884776b9a07719bef6648cfdef4a56b0249ab4751e0684816da2227de09cc6398bb4d2e20639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
86b1576b8026cccdcc77ffaac2351713

SHA1
68162ce17b0c15c9ae236a79a9897c3dac5f6dd1

SHA256
db197bb891d6ed369a4ef6993d32e775c29e9eca8815afef27da3a85e1edd493

SHA512
4140ec519c827d72357478efcb0d223bd9e31b93feeb129a219b14e9211b09023ecb3254361cdc228c16a9eb8e28dc55e335f9cdfe30488b9f14bc115c11ec76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
2b9775aca1e77a3f2592ed2c28550236

SHA1
83ce52b469672b64023bd2cd23a00e73ccd0c945

SHA256
e188996374bc73e46d59caca3df45c18cd7332f8b9449ca81a0b497bcbda095b

SHA512
86fafba1c0e188d48e1e50b47a31db158e0c4c560bc90b9f207d938c1516d8d7f37bdae464f6d656be7792826a0e2ce7ba96917db63a488510aa26f2f6f56e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
5c75ba0b6b4331061d0e9068c2d0f95a

SHA1
4b1bb95e70362d740f0fc71beeacbb10cad82ba5

SHA256
820e22edd84ec57b4528c0b980614e0a039fba5060accbc34655d986cfe7252b

SHA512
57a3d7edd96147961d2d28042fb8ee575ff615ecd130feaadd2ab79604d1950bcdf46e5501f1c091a02e14dfe6686516979c51ae65a6d33b78b59ac38d96dd50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
81f4c89e43525fa2d02ed91d6eb935be

SHA1
d29d8c50e679b228836831a60c8eef22aaa2ce16

SHA256
1cb7669555af9e2439f15317c3fd0eab66993828ea186031ac8c1c85ec99c17f

SHA512
c25c371a10e4160650efe50e3d9036cab96b27d218a4b917988bb19960f0ed44b63c94028e60ea11b6834a233a7a5c4e35a9ea2024e7b3a7afee562574a489e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7n4npafm.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
dcf2e12ef1158c07e8ed3b31a6c556df

SHA1
b8485455ecb9be9c07996b515c5b51c9801e98bd

SHA256
4201e7c222a74e90f52f6f7f382fc968b1d583ccec4a74f9980b75262c89ed35

SHA512
a5080e8fe88861dde14b9e99dd18faa1c319a834da0f05efb5ed5962bafc1cb8dd702c1e4ba203bf52146db1cdaa3684d5d5606c20cc9d3a8c6f5a031974cde9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7n4npafm.default-release\thumbnails\8b7e759c48456068ad85aa6fc0ccfd89.png

Filesize
74KB

MD5
db95643c5c9e8dc3128a22e96c5687dc

SHA1
5b4dfea617f91c8b63cfc288125aa9b122f492f2

SHA256
d166a31530f906557b44dbddfe7d5dd18d58ac6846308f3de35fab93cf9e2cc3

SHA512
381893a6d5d2add28734af4226877dd3809fd6b641be2409f844f71281e011e418454e7a223bb4e02224efad033bce54841d8368e75ed2062ef3a347faaf78a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc

Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc

Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc

Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE

Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7n4npafm.default-release\prefs-1.js

Filesize
6KB

MD5
4c146debd7308727043362386de58dfe

SHA1
be77661e8db15967b04a25e4c19ff6f46fe10cb3

SHA256
a75a6b38eba561dc857bc839b7b1cc17f7f26c9501849e51191c8fd9b519a81c

SHA512
9ec56ea8b3e11889bb5e8f26adbfbede0e9697fba3dc29a40b0a3f7be58f9ffb0c0d458b9ea460f29b965bcb3481deaccde0bb31a20ef40d25b398f5a62245c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7n4npafm.default-release\prefs.js

Filesize
6KB

MD5
336e62af275e34c4e9b4f7451fa59514

SHA1
2d6608abb522acc717803eb4b8bcb11adec07f85

SHA256
8bbcafc9dc44f44b4bbb1436c6ee34b4042d3f2c75211e7521194b00bcc4a048

SHA512
13fb1ad2810e00eabab5cdb36da7e09a77280ed65e398efe66867a6743c0c8dec2604d346198e31b72432c686465bec867e6eb869c497a762f3ed4d8820a3535

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7n4npafm.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
4547dc1a55bdb5b2f22be3e8baf4f2bb

SHA1
34ec70a533c70907593b159d77876c22fb4349e2

SHA256
305c1a391b8c6e893c69715af85728bb1706ab567682b74ff67807e028bfbaab

SHA512
d4a8410e7d34bf91727568f1fc4c8c079cddeccffa7b3c72c0708696f6d69fe62d3dbcf5bde080a3ee40de9544bb3096e4a9aefbff735123d76ad1a8cdce9b3f

Download Submit
memory/1156-5-0x0000000005FD0000-0x0000000005FE2000-memory.dmp

Filesize
72KB

Download
memory/1156-0-0x000000007450E000-0x000000007450F000-memory.dmp

Filesize
4KB

Download
memory/1156-3-0x0000000074500000-0x0000000074CB1000-memory.dmp

Filesize
7.7MB

Download
memory/1156-2-0x0000000002C70000-0x0000000002C7A000-memory.dmp

Filesize
40KB

Download
memory/1156-1-0x00000000008A0000-0x00000000008AA000-memory.dmp

Filesize
40KB

Download
memory/1156-1451-0x0000000074500000-0x0000000074CB1000-memory.dmp

Filesize
7.7MB

Download