98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
13/07/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
Size

1.2MB
MD5

95400fe4401436bc758adf545cedaf96
SHA1

1f49b7413c0b8f9c1223163df28c455b2db546b0
SHA256

98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613
SHA512

e8de73ea985e7429bb71d31368643995e6a26035df7adff0f3292c9518fbfb0d68da29d2b39f7c27d80e8d73f4e4a54a058c5f2ebe2cd87d1456fa51d414d9f5
SSDEEP

24576:UqDEvCTbMWu7rQYlBQcBiT6rprG8aL12Sbly7TWEPje:UTvC/MTQYxsWR7aL12dW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	648	firefox.exe
Token: SeDebugPrivilege	648	firefox.exe
Token: SeDebugPrivilege	648	firefox.exe
Token: SeDebugPrivilege	648	firefox.exe
Token: SeDebugPrivilege	648	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
648	firefox.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
648	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 4896	4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe	82
PID 4316 wrote to memory of 4896	4316	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe	82
PID 4896 wrote to memory of 648	4896	firefox.exe	85
PID 4896 wrote to memory of 648	4896	firefox.exe	85
PID 4896 wrote to memory of 648	4896	firefox.exe	85
PID 4896 wrote to memory of 648	4896	firefox.exe	85
PID 4896 wrote to memory of 648	4896	firefox.exe	85
PID 4896 wrote to memory of 648	4896	firefox.exe	85
PID 4896 wrote to memory of 648	4896	firefox.exe	85
PID 4896 wrote to memory of 648	4896	firefox.exe	85
PID 4896 wrote to memory of 648	4896	firefox.exe	85
PID 4896 wrote to memory of 648	4896	firefox.exe	85
PID 4896 wrote to memory of 648	4896	firefox.exe	85
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 1216	648	firefox.exe	86
PID 648 wrote to memory of 4624	648	firefox.exe	87
PID 648 wrote to memory of 4624	648	firefox.exe	87
PID 648 wrote to memory of 4624	648	firefox.exe	87
PID 648 wrote to memory of 4624	648	firefox.exe	87
PID 648 wrote to memory of 4624	648	firefox.exe	87
PID 648 wrote to memory of 4624	648	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
"C:\Users\Admin\AppData\Local\Temp\98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:648
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1892 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94a92aea-a8fc-41a7-9971-a5fbc2cedbcf} 648 "\\.\pipe\gecko-crash-server-pipe.648" gpu
      4⤵
      PID:1216
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e876b17d-c1d9-4911-a846-6ead1c7a345e} 648 "\\.\pipe\gecko-crash-server-pipe.648" socket
      4⤵
      PID:4624
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3280 -childID 1 -isForBrowser -prefsHandle 3272 -prefMapHandle 3268 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d566730-cded-4398-b353-5e64e19d38c6} 648 "\\.\pipe\gecko-crash-server-pipe.648" tab
      4⤵
      PID:444
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2544 -childID 2 -isForBrowser -prefsHandle 3020 -prefMapHandle 2744 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca3c8966-48d6-4a5b-87db-15814af922be} 648 "\\.\pipe\gecko-crash-server-pipe.648" tab
      4⤵
      PID:1484
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4720 -prefMapHandle 4716 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd0db5dc-dba8-4295-8eee-0952c17035a8} 648 "\\.\pipe\gecko-crash-server-pipe.648" utility
      4⤵
      Checks processor information in registry
      PID:1016
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 3 -isForBrowser -prefsHandle 5512 -prefMapHandle 5508 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93040056-d3e4-4523-9dd8-01dbe4cfbc17} 648 "\\.\pipe\gecko-crash-server-pipe.648" tab
      4⤵
      PID:1520
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 4 -isForBrowser -prefsHandle 5660 -prefMapHandle 5664 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {325f6bbf-8d16-481a-8fc9-e5443c43ca35} 648 "\\.\pipe\gecko-crash-server-pipe.648" tab
      4⤵
      PID:1620
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5844 -childID 5 -isForBrowser -prefsHandle 5852 -prefMapHandle 5856 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a398881-cc99-4bf8-9d50-1822608200ac} 648 "\\.\pipe\gecko-crash-server-pipe.648" tab
      4⤵
      PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
d3860d183807175c498b1f968797be99

SHA1
cd6e7f884bb59df04fbcb63d9bb345241a8111a8

SHA256
76e333db1bd0aaca9dee44d5f8c451d27083384c83873976b674cd09a4cf9add

SHA512
09b43666385935cef47660f15a252359aee45c264d4a9b9993ba58ce9135bb71dd850f0bab913c110e54495ff88feb65f780a5f5fedf77e3b820ff64e9b03cd5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
af693f4bbc651c754bbbe7644315347e

SHA1
8b331071924d118d9c7415d6d0f231caf3c38158

SHA256
9628c67ab178d71734f826aece77333cdcbd07fbf8139cc54a2a6d38262ca8f6

SHA512
dabf5e9f9e006bdf669c611a489e0e7413aae796671f21a2d4df15d927efb43cebceff8a1dabaf5a20100ae524c288fd825ee4dcd363d2cf66e55c9fec1756fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
39b1af6b2e7252dd3e1d9ab4bad29085

SHA1
f2094ffd918c7b69e79d9b32f8daf427b88255f8

SHA256
b3cabab81ced67c1141babaf1ba60aa9a8de14b3344adc23028f15bb9f52cd82

SHA512
aafcf6280e762f01b515f1d780779eedbb6426584f6f74002a5061cb67d620cffa43931b6c4c5c54eadc818711a004cef770d230e3113d4f768017c1afe3e5cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
b12943d8ca9179cdcbe93066cad6bc24

SHA1
1683b29cca17193ac1e186d633abf905f521b48b

SHA256
76136139d97bc8d62296c7ae1d73cae3049419bab16019b6706d3417fe181ecf

SHA512
496448358842ed58d74438c48b0c27b5331f9c79642a256c693836bf4e6cbd2a9a817cee5b0b17cc86b51e9ad0355842951817aefffd22b856ebe3e7dd828086

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin

Filesize
17KB

MD5
162ed42be88f1e4bc521fadf82125b37

SHA1
9093d08d188f6c9ea0aaa8ec647f0951b60ef6f0

SHA256
e5313d9e03f83b65dd86b92c201de36a65593e1ddac04ae7de996dc41fbde0e4

SHA512
b31d7011735056108a2609aaadbf85685c1f4ab9fc334396ff57ca4feabc15e94070e615b5689bc2866bc3e43479eaa02f9da9383564a9fbad451b40ae4dd63b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin

Filesize
8KB

MD5
6e2bcd29cf475900600c8d0bbcadd892

SHA1
01df32af8d755dae6dbdcf7e07a4c8b6f70f365b

SHA256
9762cc01c5626997a7f1ba4e1e00f4f8cb00a51e2c28a9255b3425434678ad0d

SHA512
958eb13cb27db0b7a68f0bfff19fcb2d486589f580aa5d011b782b7dc6730a4c464ec526c88d6958153ae92b58c20c0509a88a347aaaf5505a74aae98bdae6e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin

Filesize
12KB

MD5
78a1b9bfbadf381e1b085624cb11295d

SHA1
ece1d5aa1d050063b46d8b64baa5498e6310ebb8

SHA256
a1edfcc5bd857f135242c63e87944609de79e7a19056206ebb80bc822bc13e58

SHA512
595e5c15bcc610e78055ea80a657f4bc2333a40496106beacbaeeea310e3dbb50ea543e4eb0c261a8f1cd9928a2afa960b505524edd11499830a2c1bc1b4da2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2f4ab477273aeb2796d7bd3720fe3ba2

SHA1
bf8fcc65c6ec34252226b78462cbafadeef5d283

SHA256
ede7d8e5e7e5d282fe73ffab76a0e215292fa4e4efb526f4171de38f95bede47

SHA512
fd25b7005357d5dd3704d905b46ba7803cd46d9b67ac3104ef0a306725b3093cd57adfc889ef7203bbce677734d142e123a272babece0c23edcd539c657f32b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
99f24151a6537d1cbdeb01f7d0d38b52

SHA1
fdb82d1aabecfe133d98cfdeb8f99a7c24f7b729

SHA256
633085bac2f7afefa1761fb8842db2b7c4f14dd82e2b5c5fc45fc787a4b9f908

SHA512
2cf52f822ab22372e0625db893a5b6ebfbaf93bc488d5ea64d5723b53153be0fb7aa8b2401a831045753642cec3b0da7fe148cf12067ef4e8ee750ca925c3bec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
13282dc01a10cd3a77e2a36ac669baa8

SHA1
e2e19b45572c8e8b844f8c3fb1bd35f6b969b9b6

SHA256
be41f858a46a9eb031c8719506058df711246456df508c0cbdea1461ec348930

SHA512
3f05c3bd3f1dd58e565ed3e27a0cebf6f1e09a0cda174e68827158f7f508d183f4f840d3d35da1fb552c7a240ccd625a4203007c9420a23bb9511c72b94e24b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
cc52b521690b7b96e359e9b7696684e4

SHA1
f5f0364ce2acbb4beb729dc08b5b02f7ede201bc

SHA256
d524355950015345d5f644e7d08b89a17af763cfb7602a33d913a5191620c3b0

SHA512
0761a31c9a3d54a4cae1971733edc351ee7e561c834263b25b5fa659482fcefd975ee82090999f36f0d759f60fec8196f9232166f0e602aa28f9d939678e1453

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\5a5f5f96-1bfa-4231-8825-351a2307893f

Filesize
26KB

MD5
979030a11e0a3c576ba05244001874b3

SHA1
d6a46d8e6ddf555952aa7a5cd2a0bc3a661b6944

SHA256
cb3bc06c15da626049e1eeb8314cc39355b6fe7272769fc717659b74e2a585d0

SHA512
b44273671fc05c267a05d42cea613da86f275b022a6c10a8c21b108dc7f08ac56e043301341ad3f78de3e2bdcea1df2e57baf8c4fea4b696f68b70e15679e8be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\928ae045-6415-4c21-842f-93bdf063112c

Filesize
982B

MD5
728eef84998b55315686523bfd5e6bc4

SHA1
0d8c37000f31b41a8c496aca35d274ba4c4a0639

SHA256
5f8b800e7758c8efc00870c32a4695ae5986f65be1aa9ad983e4f6fe2881a317

SHA512
91e209b0208c26846717ade9d9e4510fc1482c0bb3012fad1269685d62eca765dc3c9046e62fa23e2cb05b61bc0cd2cc82505f8e6379f8e32ef06b0010280a28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\c991a66d-fe92-4114-98ac-6b5837ce18f6

Filesize
671B

MD5
17dfc8ac3082ffa02de7d0698220c4fd

SHA1
078bb566ecdc352f232aef065d4496d72bd0f680

SHA256
6a1840f44a70e2df8f83642b64787e09b2d74b889cb5ce7c8414176861004550

SHA512
12a54c047b27863e2860036057f6f2a094468a59895e119fd5da250699c97f442377177255573a12321332e72bb202132982f87174d5476abe925cc1a6cc868b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs.js

Filesize
11KB

MD5
1698fb0eddbe1324d201aa1ddcdfca1a

SHA1
b8372074e20cf4bb19a7e7403885225502c86fb4

SHA256
64a58ec57da8a6019272e7f31ec25378061be596d9f03edd52524ba60952c791

SHA512
2a9996995a06a05c3b60accf726ae4942c8b6433554c612fc82178d33a7782708da51d6d7a5b1298e6e143a17d5469c882cbfcc082a51cc7893560c9d5749b60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs.js

Filesize
12KB

MD5
191df8d70cd20c01fad5625074fc52da

SHA1
655cbf176ee65cb8a4bc312264f847c12b693e30

SHA256
ea708d6180d020f91547ae0e11fc32269a1a41333a5c5c005dd917c480a28523

SHA512
feb87fa186c67cc96b076e5965a5b070a3cc1a7679264f12b9224e0d38d5fd86da0e7c71fbcbc5b89ace4b43ed4765738fd3d09106d127746ec24f9d0103334b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs.js

Filesize
8KB

MD5
92dd96907120473b5833a7b86f16a547

SHA1
ca88f340b8ab6ae238e59119b51fd891bcd47397

SHA256
a81ed5643ff46b941bb6c596a37a764926c2cd71279c72830786d512176b9fe9

SHA512
60d2282dcda9812861dc7780746495a0daadb279e0e558b471fcfd144a281d346c3179e2bceca4853af6052c468011e04b498e09457718fc63e21866652190e1

Download Submit