9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
14/07/2024, 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
Size

1.2MB
MD5

93bba1f0c3e92fb565f1d6416154d5a5
SHA1

68252933dc1507bc1f6760937c1c1f9f313d8b76
SHA256

9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a
SHA512

14b066231df3b2d41b3d33e10ed9c973af98f07a54ff3b5b3a3e42cd585b7851a1fc9ba9489c911ce90edd44816516f2769ee7eb4b92c19fe3a791096ce49c41
SSDEEP

24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8aLJ2Sbly7TWEPje:2TvC/MTQYxsWR7aLJ2dW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2232	firefox.exe
Token: SeDebugPrivilege	2232	firefox.exe
Token: SeDebugPrivilege	2232	firefox.exe
Token: SeDebugPrivilege	2232	firefox.exe
Token: SeDebugPrivilege	2232	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
2232	firefox.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2232	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 1928	4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe	78
PID 4976 wrote to memory of 1928	4976	9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe	78
PID 1928 wrote to memory of 2232	1928	firefox.exe	81
PID 1928 wrote to memory of 2232	1928	firefox.exe	81
PID 1928 wrote to memory of 2232	1928	firefox.exe	81
PID 1928 wrote to memory of 2232	1928	firefox.exe	81
PID 1928 wrote to memory of 2232	1928	firefox.exe	81
PID 1928 wrote to memory of 2232	1928	firefox.exe	81
PID 1928 wrote to memory of 2232	1928	firefox.exe	81
PID 1928 wrote to memory of 2232	1928	firefox.exe	81
PID 1928 wrote to memory of 2232	1928	firefox.exe	81
PID 1928 wrote to memory of 2232	1928	firefox.exe	81
PID 1928 wrote to memory of 2232	1928	firefox.exe	81
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 5052	2232	firefox.exe	82
PID 2232 wrote to memory of 792	2232	firefox.exe	83
PID 2232 wrote to memory of 792	2232	firefox.exe	83
PID 2232 wrote to memory of 792	2232	firefox.exe	83
PID 2232 wrote to memory of 792	2232	firefox.exe	83
PID 2232 wrote to memory of 792	2232	firefox.exe	83
PID 2232 wrote to memory of 792	2232	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe
"C:\Users\Admin\AppData\Local\Temp\9d6b48b32dc99baf31ff9a19fa97039794d10292aa98ea60e1db7c6ee684256a.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2232
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adafb083-18c0-4538-840b-447b2057d3d2} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" gpu
      4⤵
      PID:5052
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95e9b289-665a-4726-8d16-90c22e7a4646} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" socket
      4⤵
      PID:792
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 3260 -prefMapHandle 3256 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ad93754-4165-44ce-a310-1825545cb7a5} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" tab
      4⤵
      PID:4232
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3588 -childID 2 -isForBrowser -prefsHandle 1772 -prefMapHandle 2724 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {084a5f21-77c9-416f-aa97-b27d22f5f80b} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" tab
      4⤵
      PID:244
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4724 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4704 -prefMapHandle 4684 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {216e3989-0f23-4e54-ad95-8b5a9db971bd} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" utility
      4⤵
      Checks processor information in registry
      PID:428
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 3 -isForBrowser -prefsHandle 5480 -prefMapHandle 5492 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9f34e65-d5d8-4e8b-97b7-ef24a5a0c199} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" tab
      4⤵
      PID:4696
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 4 -isForBrowser -prefsHandle 5624 -prefMapHandle 5628 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f7b29df-2abf-43ea-9ba2-9046b1216cef} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" tab
      4⤵
      PID:2952
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 5 -isForBrowser -prefsHandle 5900 -prefMapHandle 5896 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7af38b46-c881-4794-9bdf-8501d8c36e3a} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" tab
      4⤵
      PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4i9bphnb.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
41d59ae709f53ca41c4ca877ab2546e8

SHA1
1652346731acf475e0c72fa22e2fa93cd3a29265

SHA256
d6e5d58e9454c0536843102bc7d2affac69abfdb626ebcee488d97e90999f09f

SHA512
129f82cbc8bd9e2c32007a6ffe83a4461d4ad689ddfa43c88f9926eb896c42e68432b093f5180bb6b2939acb85235c182a0a682a1405e4f9086200ca63e1128a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4i9bphnb.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
b3eee2da2c619715032bb7325534165e

SHA1
9ba5766fed0c5e3b2e2b1e4d8b916363d8c41867

SHA256
716f5e6606396540bbb2b8c9def531b0297b0a972b8d9f135234c44172a92bfd

SHA512
5f2cf7e6a3ce22dfe11510d415470f00107cad46ef340d5cd0477643afe7f622b29b81b2d39f2b00070d3daa659f3291e4f0cb9017c46166d7a2e08e12e3ecc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\AlternateServices.bin

Filesize
8KB

MD5
72f0276193b6cc31deffe93bc912ca1d

SHA1
5ccc8c5dc5ed04c561e926fef39efbef75577765

SHA256
3873487f14cdf12d5d515d4aefd3eecdec706aa89e1e5d0acd03064c5d2f2bbc

SHA512
230311ab8f9948f29767b6c2718a169589945698d61aad6435d3219662bfcc50180226dcb795c50270620ec3042c4a54b1f0dcbfd06ed8fee62108a8f4dee415

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e5fb9c4b98161096438b0eb34931f020

SHA1
44ff924a6f7eed80ce7961f1182b18e90ef58409

SHA256
1eedcf3b4e1f2bb2103a68f9425c53b4679cb11bc6f65af2d8414c60d8630c03

SHA512
a1eee35d3978810d3ca7d4fb3b270670ea9779ef38b3176c712d37f56ea6f36131190006cdc5bda6e25c386c7276779182c074de3c886fe76398a2638d7182c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
edb6c28ecfa03a0ccd0a07540ee49c21

SHA1
0ca7242ae57f5fe817c6116e51137d6d8d294351

SHA256
dd5f26fd66bf9d42dfb85fd8df36295ffc2d7e31839e87b5bdac21a7c9fcb1fc

SHA512
7b227a2085bcf278a3d9edc0271b25fd4c49e3af2379e25394219c2e9b92de74ff54bcc5867c1b55f6b622360869fef8c15920eb0581d377d903b69a51104a40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
d0f03a4309ee7e7ffbac75f44b5b8eeb

SHA1
bd321e98dbf5a34154fa61ab58066337a1f1ea2d

SHA256
ff1ad8331f43e9c3b6688b936a5779bb28ff5af23d999c8a1acad6be3497d39c

SHA512
badbabb9d1b590631a8ca62e226ff36650d2ef1d7861f0fd97e475110700196850f681cb5fc8b1a04aaf6fd22420032426113c642a91da8a0e08c3caa54e1e44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\datareporting\glean\pending_pings\58ca309a-4538-4293-b845-0730e63f0a0c

Filesize
25KB

MD5
d7658ca0517b2fc485377fe7069dd074

SHA1
fb7c3f1785594eb6833561550092ce5d69963508

SHA256
67ded52c1f13620d86e11d3e1e1b556e606372a6dde9a516beae08a3ff4a2252

SHA512
7b25922c82dd2eee3629cd655453714774e83254876e630b3ff448b9afd208b6c53f69aa29ddc758e92461153cd919f0407287a4745169e9bba9ed5cd82cc092

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\datareporting\glean\pending_pings\5ac914fc-62ad-4bd0-bcfd-1ab05d0a8224

Filesize
982B

MD5
2d2be27739bdf8cd2a44ec13b641c24c

SHA1
de62d16e9eaff8b58b570c4306a9f77f0470fd11

SHA256
c49421651bfbe67cd0c582935905f7f8e98a6a132268dc27ae395069481a9baa

SHA512
6b4a415de0b88387e8ce399fac541b9c620a1240cfff222964ccc36343e00d81c2e0ae251c4c35fd589ba7d1b21d366e198d30da6b9cd30de516ab19fdeeb6f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\datareporting\glean\pending_pings\95fd05c6-7241-4458-a778-7fa0b28fc1dc

Filesize
671B

MD5
6aecf5a6b6e66a8e2194093cccca5728

SHA1
bdb2030b3e0856a2eaad449d6a9ec31ae624f208

SHA256
685eb5a5ec6eb35e38f9c60ac966745fd508f800ab292172ace41d5a6eddafcf

SHA512
25c5b4bffcf1c6ba0e40745b9e93f425340bad0f7179c0a52a180e9f640893c4bfa585646231484e2a34491a8f484f23e14f5f12b9518a50bf7fb3e8bbc3daab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\prefs-1.js

Filesize
11KB

MD5
f6c0d057891ff56b9d07f2fe9518f284

SHA1
521e84949770911a1890d1cc2a479e53062608cc

SHA256
24c72b76e9af44ece018c9e60babce0e31350d3f63e0a8c31591d787b42a334f

SHA512
fb2d4cad533c683baab8e6505acd8d4a13978859581a5fe2761fbb0648c8182ff72eecc6951b6d531479bd1f931cb45c0eec8c324672737c03af0a4cba057558

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\prefs-1.js

Filesize
11KB

MD5
abe3664bbcea0d12a1e06f2ac76d490d

SHA1
c9ad8cff8a2df1941962905292895619157856b3

SHA256
9e51c7a659b40cb4ac4c2f59b953709dbc350749472132ac1a34dbb99df58d5f

SHA512
282e46796a4ed0c85198b2dfcba1fb7c7d6c2f542a8bb1d66d1ef83967e5d40946499996c937e6e5fae7f3a26d051afe17ef18072a6fe59ed857244e6befce43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\prefs-1.js

Filesize
13KB

MD5
77957e7d84158c111dbeffe27e5e0572

SHA1
346b9c326acc70a70659ba1a91101dfbf1c4f4df

SHA256
6ddf8475f384a112cb8c1beae1c57f50df8fce7b36d62fe5fb7fb25c5fb189ff

SHA512
3799ddaf8700e7a514c99ce52184b69c1864c08d4c6b3cd28d15d1533790a94c9fdd0a0ad670ecf0d3bd86bacd85120075a0eb95cfe515660dc5f76423e79ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\prefs.js

Filesize
15KB

MD5
459d00b92be429ad12bb5caa125f6c8a

SHA1
08575800d58a25932a8a28072aa857f70c482dcb

SHA256
9c4de33f06324da7a27e60401c19ee9a2fde379a6e07dff5e03accb65630b65a

SHA512
2073252245e88ede93824a60371e10cc050c55ff3818d44fb8e913660152aa10fb2af83189714983ba2c38871a05a42e3be7bbfb30d05242a2094518eea8f020

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
960KB

MD5
a4bdf23e036609bb451bfc73cf8d2de4

SHA1
4c7c2575d62d697d44909506cba37aa7eb75a684

SHA256
dba96b593a0752a2b5e0fc40df6413fb1df3062c9e7d67bd6af83c3ca8f63b53

SHA512
2daa307620c68127afe746ab7c918321aa16c65352b9d669d0aa2fe4a092db0927c09bf40771d00cd718bd49241417f73ace14fe5b1bdb0fe84260a53ddf0234

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.6MB

MD5
f7f90dce5e0a0ddeea13851e9d3ca990

SHA1
3246bbea2147bc7306607bd2dcd215010883dd1e

SHA256
1ccab8b806f8172defa2921de2634fae5ed24a744fa314cd946f0719217f6e7c

SHA512
09b61fff33870b8d26b622ff4e272522347cd614424aa48f904b9029b44451ddbeef78f1be2b01fc983b62a24442e3eb0a94aedc89f74bbf92d133cc2cb82000

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.3MB

MD5
13a97dfa438f70c81cafb9e23b36c228

SHA1
85ed448eba98f39ff683d8f42a24214e742c7d07

SHA256
f10c8a8103a0b7eb9337cee6c58ee0fbc31703b18bad3ddf13d0257d01e03f05

SHA512
31510b83afb8d91ad85e83f8881d98853457a171075d10f08f1ed8dac4bf82380b3359399c7f22b19e09ffbfc0e9330703083539d7c19d912275ac11fda0b98c

Download Submit