79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
11-07-2024 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
Size

1.2MB
MD5

c405ccb4db5e6b3603e8d263acf6efec
SHA1

a7af8499340084c5fc9084fac7403fc7d1d14e98
SHA256

79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f
SHA512

cbd990037ce94951b50567cdb605f2e886239aeac56a313be1b3cdd7654648a8ca59ca1c1a1d5adc7ef35a58801518afd68775dcc04314db7e8c27eb3ac8b396
SSDEEP

24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8aLM2Sbly7TWEPje:0TvC/MTQYxsWR7aLM2dW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4604	firefox.exe
Token: SeDebugPrivilege	4604	firefox.exe
Token: SeDebugPrivilege	4604	firefox.exe
Token: SeDebugPrivilege	4604	firefox.exe
Token: SeDebugPrivilege	4604	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
4604	firefox.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4604	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 664 wrote to memory of 2028	664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe	78
PID 664 wrote to memory of 2028	664	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe	78
PID 2028 wrote to memory of 4604	2028	firefox.exe	81
PID 2028 wrote to memory of 4604	2028	firefox.exe	81
PID 2028 wrote to memory of 4604	2028	firefox.exe	81
PID 2028 wrote to memory of 4604	2028	firefox.exe	81
PID 2028 wrote to memory of 4604	2028	firefox.exe	81
PID 2028 wrote to memory of 4604	2028	firefox.exe	81
PID 2028 wrote to memory of 4604	2028	firefox.exe	81
PID 2028 wrote to memory of 4604	2028	firefox.exe	81
PID 2028 wrote to memory of 4604	2028	firefox.exe	81
PID 2028 wrote to memory of 4604	2028	firefox.exe	81
PID 2028 wrote to memory of 4604	2028	firefox.exe	81
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 4440	4604	firefox.exe	82
PID 4604 wrote to memory of 2984	4604	firefox.exe	83
PID 4604 wrote to memory of 2984	4604	firefox.exe	83
PID 4604 wrote to memory of 2984	4604	firefox.exe	83
PID 4604 wrote to memory of 2984	4604	firefox.exe	83
PID 4604 wrote to memory of 2984	4604	firefox.exe	83
PID 4604 wrote to memory of 2984	4604	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
"C:\Users\Admin\AppData\Local\Temp\79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:664
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4604
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1860 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebcb373e-86fe-4b23-94b6-3d12f2c4ae0b} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" gpu
      4⤵
      PID:4440
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {616b41ce-a070-44ce-a00d-cadd84da86d8} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" socket
      4⤵
      PID:2984
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2832 -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 1708 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73e6cc02-19d4-4b48-91de-681bc26ff7af} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" tab
      4⤵
      PID:3324
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3628 -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 2644 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3180b341-eb88-4f7c-a61e-3f758c273a00} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" tab
      4⤵
      PID:2436
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1640 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4408 -prefMapHandle 4404 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc192fc7-9735-46bb-bdff-99c76ba87104} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" utility
      4⤵
      Checks processor information in registry
      PID:396
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 3 -isForBrowser -prefsHandle 5456 -prefMapHandle 3592 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f69bb65-e1b5-4304-b440-e48bec277c2d} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" tab
      4⤵
      PID:4136
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 4 -isForBrowser -prefsHandle 5596 -prefMapHandle 5600 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbec8b70-c635-4e4c-9a9c-585f1f87964a} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" tab
      4⤵
      PID:2968
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5912 -childID 5 -isForBrowser -prefsHandle 5904 -prefMapHandle 5900 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d34e7125-a3ab-4e58-9858-dc4bc90ca9fb} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" tab
      4⤵
      PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
ad568bef20a4b175ee125eba6562af01

SHA1
fe375d02029833fc1ee74eef1f66b58be46edb03

SHA256
1c8ccb9ef72564a01596fc316972efe7cc737878fd18a189afee13de18306aa0

SHA512
62471c1461d400b6996c90c6b414670aae1abd3fe08253e63434941182efbda0a2d8f47960624010fcff4969e6c83e9e4269285db82c621d2386de36af81daf1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
7203a8fc4ffc4b2eb560eb71940c1a7c

SHA1
cc27badfdd44ee8210d9fbe3b8b2f10039c43e24

SHA256
8f450f0416568bae4e2ef27020a49f22eb97dbca92591a59214e6dcb6512f462

SHA512
92d394ed806257cbcb631575c4b226aeb5f5f69df944e83f010f0164d7c7288257a863f95fa706cebc7c730ae1f7ca13edb007f883eb868ff2346a79bc1d57f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin

Filesize
8KB

MD5
3908065e1d331baa77d1500bbc053fda

SHA1
bfa25056fada8a77c02ce187babf2e0360036a1d

SHA256
1cdc022fc030f093608208310a9a168c9ead33fa540a6df1daf4035110c27040

SHA512
92d47d71295c0763c96eae1ea76c545dd3bea6509e0fe84def6d59df5fc209d7adf25693476468c0f13353265731098a939f4149953feeda4fda40c1e7d7dce4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin

Filesize
12KB

MD5
648dfbe35657b1caad298a136c0ab318

SHA1
35d435fca0f1f2f6fa29445c8c7f537fa50b4ca1

SHA256
c77db9da3550c0f518c1067e068b1556e09c8a0a06017249f2c9e247e78d94dd

SHA512
5e9ee74f2c1593fff1d04e43ff2727e5a8f68d682b90e1a881fb22a3ca6a0b14172d4646ecc39b77d310e6f18d0a51c1d2e14b17601417264cf29700e1a45ffd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2d564d39c0d5f64afbabe7513ba45866

SHA1
98d01b90d611b650c9ae94d7453d34c66c13d76a

SHA256
ac8209347f34a699ed0520e0207d4eda3c03a387b5ca4b37bd10f245ef61b1f4

SHA512
7e54b45b955c12dc6b927504fcaad65497d65c4fde7a0cb486fffb317035c8e340626c15f58717c1dac2c31fc08a9098f29a1de981309e78f1b639ac1478b863

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b920fdb9948c2e557a02e1767d1b4837

SHA1
41915185ff6a84a7fce712f36d8eb5bf29a0b2d0

SHA256
6cb5c97d61450d802bff869310ba3193d2936a87fd6938a6ed30cac5126eb1d7

SHA512
8f01668456ad8a9724cbbb0b114887193aa3b7baa9a6bf3d829b267e4c894297010a44eaa46e78b97f20998bb62ed5169486d8cabdcb990ef15a6bc1122cb2aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3ca2c0552f3c85b52c91fe1d9c3bb5fa

SHA1
8dc754779bbb97ecae3bae98ba828f2507037cf6

SHA256
b98744c2eb35aeac20f7c6c80115bf4cdfe08381d6e5c0b81ce9c0aff524fab9

SHA512
7e544a60857d7e6c9157b6893ddc7e7d17746437cf7eeb79c150b813dceb6aeaf94986f8a5d7d96f088e007b1fb8d18d65dcdf5c8bd47792c26131d15f78c7ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
be7aad3000cbc07172d5322d643a9b3d

SHA1
c245035698c159f852310c0d84ca80ee65944000

SHA256
4109c6eda177d8a6bf661213e6146fda5379426443c741766f55978d6544398e

SHA512
a867d46b80bbc06f01d5d55c876290d032e93be9e7af3a60c8f613d29d2e60eef8dd4f40fc4351918fce402ba1fd9bf334c5eab89a3fd2f9c4235b359b8ac87e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\06843196-05fb-4572-898c-1cd4617a9fd1

Filesize
671B

MD5
89c95f8349e7dee4df401367a13c271a

SHA1
d723eece2711df730afafb5e292a59ea006d9420

SHA256
7e5ae1efff110096d7e7474640f7964b78332bedf9b4f329b806934274c90f88

SHA512
5fe6a47ebdeaef5bd4aab22ccd4f9fbb04e283e05fb3f7f434bf1b6c88afaca0ad9f58b7bc9f23bd110253035e0c36177f9f799c6e98e26fc4dfcdc4f0ef913c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\47d539c0-c987-4f0c-8e50-d8dacb8e0258

Filesize
26KB

MD5
91fb9aa724f7a88f58bf14ce2744b40b

SHA1
264232861d9bae4b8afecb8716f879eb92bd4e76

SHA256
48df00b85dc5c9e605c1f1056c377de19da540a2047f34d583377364e12e053a

SHA512
d6ddd88cc28c61672395be10befa388d9507c6a69416f8df6954b6252fe823358dae4c95381330ecaffa31500fccf3cfc3f5e76f6bae7514a148b8a7b1a2f92c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\ed33ce30-a26a-488d-b026-22932ff49cc0

Filesize
982B

MD5
b86538f80b2b62beab277112a80b68ee

SHA1
2a07b0afdd0e275ea61988adda6bf5ad369d8dfc

SHA256
4899e3a5f99feaf688e2a6943049ad1c6c6df8245110e7123278556699a174ef

SHA512
03261ef6821061bd1609b95f42fdfc2b39caaf21df855b02902b1f5ffab1863cf9e04cdbb7bb3e061c9dfcf0b62fd7255954a04abe93cdcb2069aa84fc2a600f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs-1.js

Filesize
16KB

MD5
af71fd0fe68cbd3a8a6b6abcbda97891

SHA1
fd6312126ea94a9edf22e30f31d7dcb36436ea25

SHA256
6d8b4fe0de1c7241e8bcf8dc6c5d444dfc6d279a32576145926a9e266bc46885

SHA512
5b89156282aecf9c8023a683b816ad5db943da0c419c516b551a963018d3577522e46c53abf8257bbb8cd70cc4b674d5b17f2eff1d3e28841313088c775bde36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs.js

Filesize
11KB

MD5
7134bec5569b0f85e3cce9ce673738a4

SHA1
15f4893645204a19e0a876306321570bdce6dc9c

SHA256
6d387e80c5c93dd55887e6c09054346d2c62f39a083f3ed914fff317167336d5

SHA512
ab18677d7921b65cc5fce88bdc41a59af739df0e1b391a45b0fc907382708a023cf75c5ba8306658c70fb6d4373cec2c1b7962cae172db929d2ad85854f67420

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs.js

Filesize
12KB

MD5
b2ed1ec62baa01a029a9b0eb22ce4efd

SHA1
8786f447a61d2863a9e373c0d5540dd10611cde2

SHA256
b026af688a16aebb110499725a0657e43106a281266ccb06a88237c0a95f8b6f

SHA512
b0a699549b47d8569e271020933fb2fa1c6c0d2f555fe0a28e3d6f8fd1c71c7d2a6ad35305f737ff556862b402bda306912d7993ed9a643e2f4b3e20145cf69c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.5MB

MD5
858f5b34a27aa6414106b465a6430376

SHA1
b40eaf0f719f43e3ef858a44fe42ee66a51f930b

SHA256
37b35f97c4903f504d0834910bc224671ab3452693b0cf018eb8a47e212cb161

SHA512
5197500fe6c5ef147f796618fccf4a203d6bf9bfdbae4c0554d01299b1b05ba756ad2aa85fe7043a840872e65908fa482702cf4d0f00db8ce108a35460b9419d

Download Submit