0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
21-07-2024 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
Size

1.2MB
MD5

3bd07da4263220ce8651d4d9117b6bf1
SHA1

aa56a30f15b09e5644e0d8df0305d05e0275a634
SHA256

0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766
SHA512

238c6854f52b25d730c1565ba11d326ec218d02621dd73cac0d9eb69b23aa13ec9c3f7707c8809433f492744e3817bb53ac6d7dd49b2ad4ffdc64c0edc548345
SSDEEP

24576:gqDEvCTbMWu7rQYlBQcBiT6rprG8aLq2Sbly7TWEPje:gTvC/MTQYxsWR7aLq2dW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1328	firefox.exe
Token: SeDebugPrivilege	1328	firefox.exe
Token: SeDebugPrivilege	1328	firefox.exe
Token: SeDebugPrivilege	1328	firefox.exe
Token: SeDebugPrivilege	1328	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1328	firefox.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1328	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1184	1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe	82
PID 1740 wrote to memory of 1184	1740	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe	82
PID 1184 wrote to memory of 1328	1184	firefox.exe	85
PID 1184 wrote to memory of 1328	1184	firefox.exe	85
PID 1184 wrote to memory of 1328	1184	firefox.exe	85
PID 1184 wrote to memory of 1328	1184	firefox.exe	85
PID 1184 wrote to memory of 1328	1184	firefox.exe	85
PID 1184 wrote to memory of 1328	1184	firefox.exe	85
PID 1184 wrote to memory of 1328	1184	firefox.exe	85
PID 1184 wrote to memory of 1328	1184	firefox.exe	85
PID 1184 wrote to memory of 1328	1184	firefox.exe	85
PID 1184 wrote to memory of 1328	1184	firefox.exe	85
PID 1184 wrote to memory of 1328	1184	firefox.exe	85
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 4484	1328	firefox.exe	86
PID 1328 wrote to memory of 5392	1328	firefox.exe	87
PID 1328 wrote to memory of 5392	1328	firefox.exe	87
PID 1328 wrote to memory of 5392	1328	firefox.exe	87
PID 1328 wrote to memory of 5392	1328	firefox.exe	87
PID 1328 wrote to memory of 5392	1328	firefox.exe	87
PID 1328 wrote to memory of 5392	1328	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
"C:\Users\Admin\AppData\Local\Temp\0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1328
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91c42c97-923c-4d18-8e86-b4d8cb68fad6} 1328 "\\.\pipe\gecko-crash-server-pipe.1328" gpu
      4⤵
      PID:4484
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b816a29a-f8d3-4870-b3a3-25584b0c4e71} 1328 "\\.\pipe\gecko-crash-server-pipe.1328" socket
      4⤵
      PID:5392
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3320 -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2668 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c376849-9fac-414a-b965-ab984393c6ef} 1328 "\\.\pipe\gecko-crash-server-pipe.1328" tab
      4⤵
      PID:328
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3856 -childID 2 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ede34f8-80f4-46a9-905d-47cc9cb044fb} 1328 "\\.\pipe\gecko-crash-server-pipe.1328" tab
      4⤵
      PID:5596
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4768 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4309b0c1-2bdf-47bd-840d-e45f9881d091} 1328 "\\.\pipe\gecko-crash-server-pipe.1328" utility
      4⤵
      Checks processor information in registry
      PID:5760
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 3 -isForBrowser -prefsHandle 5720 -prefMapHandle 5732 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83e63fbf-5984-4cd5-801f-b2abd27b2e4a} 1328 "\\.\pipe\gecko-crash-server-pipe.1328" tab
      4⤵
      PID:5504
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 4 -isForBrowser -prefsHandle 5836 -prefMapHandle 5840 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92905de0-5897-4b9f-a460-680ba076f5e6} 1328 "\\.\pipe\gecko-crash-server-pipe.1328" tab
      4⤵
      PID:428
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5984 -childID 5 -isForBrowser -prefsHandle 5996 -prefMapHandle 6000 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9e0c2bb-9f12-4ebc-b185-867b5cacca68} 1328 "\\.\pipe\gecko-crash-server-pipe.1328" tab
      4⤵
      PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
07900a23965397133add85a1d8a502cc

SHA1
f4e676b3febb53088d988fe4aaada964e7149a41

SHA256
9a9b3d2faf83c96719cbb4a1ea1eb9c6cbe29c80316f30eb2f7c1eb99b0ba45e

SHA512
db9e2da81c3b03f72e3cab4a7cc9aa94f8b2f009651048910e5cb00d37736e823014e6dbfe58e99c5b3a4f392dd164cc9ba13abb2dc70c90d57a61526bc9430b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
fcd6f221bde89d8367ad76e5eff9847e

SHA1
75bbd89155e15cc7ea76e5fd1d0e0ea8ee351a68

SHA256
ab4bad559807484ec056b0c348f0570e7016bf64ff259cfb8f6ecdce202a4cbf

SHA512
02dedd507f93a3b2ee016fc811a558e3a94aa1464faae305f5057b23afe024f0b13f51c3e82bc360fc49836bdbdb22ff98c7c1a238190a926c6623e211b257ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\AlternateServices.bin

Filesize
7KB

MD5
3474d77e886be2dcda495b5e3ebf7ad9

SHA1
6b01a465cd02dfbaa3206f1e2f2b5c47f33a98e5

SHA256
ab32fc30cad71fc3a4c859e55cf8d523e785b439d79f5b804d0219fe62716d94

SHA512
a0ceb8587c38b4961ad99a8b352d7e8ccc2a773bb99d80a7062d22a4bda445f35e3895543d346469d88806f60f7a7216a6ac9684d2076093c410937031285771

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\AlternateServices.bin

Filesize
10KB

MD5
72442b915389728a9e928b20a73dfc59

SHA1
2d58de8403c1bb606ae24f9c12642cba2b205184

SHA256
6f9bba007dc73e5bdacef8d5e598130136589754b0ae34b2c7e58f4360270217

SHA512
dd7ee808e2bfcccd819beabdd4608df01f497a222293d6fb6557dc695f38fb1295ce0ca0e2adfe56c2f1b27d1850fe08665e0c278835350a61451d1e14e42e51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\AlternateServices.bin

Filesize
12KB

MD5
172ab6ce2f1ac5dbe6ee116cae77d47e

SHA1
06f8d15ad9f55511793fc18f71cd01adc5a46d26

SHA256
e68fcad4facd0cdc03fae39c6644f2c662a49c0dfd3cf1ae41f52e3ecb58962e

SHA512
29ecc4dde4769d7c5a9646d147ce216b75a159beab0f36ff14e422bb120a355673196f125832f1d28d587032c6727f2388934161f3d4359afa35305e4001ef46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
3d50faec23288f1b65a018471338d281

SHA1
92cf32273e9f2dce46d7944b8b0282c7d391e5e5

SHA256
7f599b72ed1946b6fccba45ca0454d9ae73b2aaa0928587e7542a6f2a72456c9

SHA512
b32048c6ca80c6ada73ed2ef873a355496940535825f88b3c06a598f03a3e663b67efe0a37db2be907cd4ed5b8b2cee827a18fbec14bd4dbb36b9bffdf930bfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0ffc1d7f24d2a4f2bb27003c7acdafaf

SHA1
6c1ced59727d26f269e3efdb9bd4057c33593da0

SHA256
3a121809e8281b59de48136fbd2835b7906d6e71001187d0fc669449cb50ab16

SHA512
778639172d752d84939fc43751e7e364552000ebd10613d9281eff2599f93df33f7a10d86832ab166fda26ce43b1aeb6ea1bb5b143a056a66991836dddc237f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
520760c85275a44cfe7899bf90c175ec

SHA1
0c48d005819c8ff45ba349973d14610e99c5652e

SHA256
1a78140a69df740d4f8e54c8c5458224bbe2b4d345e08d8319778f017bed88d7

SHA512
c724536c3d6eca4a5b6c66e64e12db104fb1f762b99df0452fecd010574142672bebc24b4becd064e246819dbd9f54ff145eb7a0a439fa6e0ae740cdae289544

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\pending_pings\087098a8-756e-4adb-bdad-9d0932d585c8

Filesize
671B

MD5
4bc84fc91bec38336303e624dcad0d97

SHA1
392d82c7d4fd48c2d581ca9801d7084d88f12fb6

SHA256
51c2c8b19a3f02da062d0b14a1e16dafd48a33361bdd83e84d8711105ab68f94

SHA512
9ac7ac3a5e0e9e9037fd09c92ecfbd223a8357c54af2d49e336c8d586ed927a60f8ba5cf09f6d2ba9037392440b0dbd945ecc7d1e8e3baef5e0b4ddb8b72b67b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\pending_pings\9fcc1b60-c976-49db-ac34-9ce6ec493e6c

Filesize
25KB

MD5
8be23917b9f28e3d1a01220f22f242ac

SHA1
59b373cc4e9e0a93f700e1282ad245974bf74fae

SHA256
61284e46e2f2526a7a52aa3b2aa0f59c621e106e621261e898090db043b54fd2

SHA512
884e66faf599760aeceb3df2198cbcf450e46d5ec364ea512cfae050b7fe65ec684db935cc352a1fe1418ad849963e2f08dcd45178b8665865d940727a5990e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\pending_pings\b858a4eb-136c-4324-98ab-7ea9a2f02ba3

Filesize
982B

MD5
fc5b24404b88763fb96cb28cdd695857

SHA1
729c2e7de8f42442602c1b156f6f813bd2e0f0e1

SHA256
d1eaeec4a2961dbe4c8729384de2ade654c7ff96712768afc169c1bd72849b0e

SHA512
023e9e20bed5210f7c0decb9cd068598869bb9f7f1a51de6daaa6e597123e110050b7cf691cf83d464b712bcc6af2407b07ba262cc32d1465cac1dd1122d3d12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\prefs-1.js

Filesize
12KB

MD5
5f07b8ac85abe0ffb30a203bae91e109

SHA1
14807c71f46d4da7f1301639981281d53765db6b

SHA256
8886940cdf1fb6fd96381edf67b90ffc522b4825ff5060f2478cc5ff5f91d008

SHA512
e42fd681a4ecf374cdb8e93f484b4e533576302703d120f8b927b37d639b7d890ab21afd75485d5f68f28a575e44ce0352e99ded810fa75f2d65fe4a5852901d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\prefs-1.js

Filesize
16KB

MD5
2e91b9b96ed696790289a7fb7a6bc86c

SHA1
8d7bafa1dd7753f82cc1dafd73d84d9d6dbbece6

SHA256
4c23da851e0c9cd352bc55d89d703af8e53a4dded31668ad4b78904cc2399913

SHA512
ad45e5a5325a9af3446efe54c7806e5dd457d9b927425aa2a8da17a635ba416e24f81f3148c9babd48f017f4fea217519310acf02d934b7b4d449a0a96b88015

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\prefs.js

Filesize
8KB

MD5
18cacc8cc0d6ff15169421cc905ae1de

SHA1
7c06f0b9f005da1db19bda11f8df13b3db5f705e

SHA256
72b78808a04c005fb83a9526fb0c8b148bf2ef7f4ab51f69d3daa7c11a0523d5

SHA512
e9edc23d5fc330595c11a7a5e87b3868639e1aa029c139ed67e8fcc6d7208bff28c9fc769c11f3443a4fd5c2384424469e2f39722eb13e1db95a52952da59c08

Download Submit