5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
21/07/2024, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
Size

1.2MB
MD5

0cdcdfc0fd58ea9a597404440196e427
SHA1

51b04a714ebb05a3423a8dc0a65cd68cd77a4f81
SHA256

5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0
SHA512

f6a4e22581d3984446b65b7ec024ece4b47a9576fb3661e6822c9c0066b11c7923e0c0317439720b44c66fed98494749affe4cda369ee41c6023e75e6efe02f6
SSDEEP

24576:6qDEvCTbMWu7rQYlBQcBiT6rprG8aLz2Sbly7TWEPje:6TvC/MTQYxsWR7aLz2dW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3300	firefox.exe
Token: SeDebugPrivilege	3300	firefox.exe
Token: SeDebugPrivilege	3300	firefox.exe
Token: SeDebugPrivilege	3300	firefox.exe
Token: SeDebugPrivilege	3300	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3300	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 1596	3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe	83
PID 3424 wrote to memory of 1596	3424	5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe	83
PID 1596 wrote to memory of 3300	1596	firefox.exe	86
PID 1596 wrote to memory of 3300	1596	firefox.exe	86
PID 1596 wrote to memory of 3300	1596	firefox.exe	86
PID 1596 wrote to memory of 3300	1596	firefox.exe	86
PID 1596 wrote to memory of 3300	1596	firefox.exe	86
PID 1596 wrote to memory of 3300	1596	firefox.exe	86
PID 1596 wrote to memory of 3300	1596	firefox.exe	86
PID 1596 wrote to memory of 3300	1596	firefox.exe	86
PID 1596 wrote to memory of 3300	1596	firefox.exe	86
PID 1596 wrote to memory of 3300	1596	firefox.exe	86
PID 1596 wrote to memory of 3300	1596	firefox.exe	86
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 900	3300	firefox.exe	87
PID 3300 wrote to memory of 2800	3300	firefox.exe	88
PID 3300 wrote to memory of 2800	3300	firefox.exe	88
PID 3300 wrote to memory of 2800	3300	firefox.exe	88
PID 3300 wrote to memory of 2800	3300	firefox.exe	88
PID 3300 wrote to memory of 2800	3300	firefox.exe	88
PID 3300 wrote to memory of 2800	3300	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe
"C:\Users\Admin\AppData\Local\Temp\5dc295bba42421c281c115140698a2837cc5565e362660462d5542aafcc598d0.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3300
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1904 -prefsLen 25749 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91e69a87-f5fc-476f-99a2-c7322e836cac} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" gpu
      4⤵
      PID:900
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 26669 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90e370ba-795c-440e-afdf-4e95223f31dd} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" socket
      4⤵
      PID:2800
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3116 -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 3160 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fe0fcdd-bdd5-405c-8499-54d6d54e511d} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
      4⤵
      PID:4032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3764 -childID 2 -isForBrowser -prefsHandle 3752 -prefMapHandle 3744 -prefsLen 31159 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {046fc2a9-bcde-4e68-a1c9-275bc2445515} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
      4⤵
      PID:4356
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4724 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4628 -prefMapHandle 4624 -prefsLen 31159 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f07ceebb-a711-471e-bc66-638da56a9e0c} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" utility
      4⤵
      Checks processor information in registry
      PID:4120
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 3 -isForBrowser -prefsHandle 5648 -prefMapHandle 5644 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d578a7a1-4fe6-458e-a7f9-bb9aff45eb4b} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
      4⤵
      PID:1692
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 4 -isForBrowser -prefsHandle 5832 -prefMapHandle 5776 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edec4411-286a-43b3-83c9-037737c3aec2} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
      4⤵
      PID:2324
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6004 -childID 5 -isForBrowser -prefsHandle 6080 -prefMapHandle 6076 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67d23cd8-9f88-4bdc-bdae-ee577892f393} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
      4⤵
      PID:4796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9orreff.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
ad2262e47d0d24db4466a6eb8158da87

SHA1
a4139874a4f48115ab5f8e6905192909b52350c2

SHA256
a1c1ba6e0d3aba5c3c6e7097fbba1dea0d22823097a67df28f4ed76bb5afe94b

SHA512
0232df070e6477d76df40832cf57facf0aff951eb2a3c1245b59f88e89c5adfe485622b5f1c51c0cdb3d594ec320d453b3f3a6e76c33d3cf1a57264ec73fd73b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9orreff.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
1e84466d4097d649afa67c1d836626ce

SHA1
e635eb14f32ce1bd4d896882385018259461eb4a

SHA256
059e17523dda99c55a907b5672ea4cccd4415698209c28f1917d35d12ccd8fe3

SHA512
a69b5457a2c4d48fa4df7a0bd43ac9fac7176a6a6d2a6ec215b170f3ea86f60577af8aecf61d0a275f33f9b63d66fd52b644db06d47c8c01bd6d8217428c736f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\AlternateServices.bin

Filesize
7KB

MD5
ccc31f19a8879c312bcba6f6db7e325d

SHA1
2ab4b8f4b9818f26407cb740eb11a2a19d4dc1d1

SHA256
ef3e8431219044c4115c5297cd5eec3fe4e8f888da048e38b18e377cb31fa9f1

SHA512
cf5c7c32d8c9c685694577ae2c2d33b397a5d543661935ae5a325973c8a69f5d822ee8d2cb8e5f63957c954653cb3811766e90672391d9da36ee5e783b01a8aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\AlternateServices.bin

Filesize
17KB

MD5
90f9d2d4333b7c168e32236b4b4efa40

SHA1
29921c3731d49d9b59c81a47eec1787d2b52d8a3

SHA256
9527c72ba31cf794fd8b86c411c718bd7015337e81e81f121bd1fc5c7040990f

SHA512
b2ec0ab691b93b8ad5b250c68fb3575907071a45b0c6bb8eb46c8351e0b71876055560cd6dc49feaad31118991dadb4a58be99a8251024cbc22026c78e0d39b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\AlternateServices.bin

Filesize
12KB

MD5
96b59f2fb80e3dc4a3c9f3acc490cc32

SHA1
474b2490b0cf9255315d79d5560e64d42795bd23

SHA256
b94e2559bc6aba9df2d90881f27fc3f57b5dcc2f64a22f7dd4d1540ece16128b

SHA512
ab7bbbdbdaf21471a0373ad9a64b6f6c49ce6945a13e740ce01fabb1a44070364efceed16cb8acd99753a929e2e5b4066f768f949078ab828e3011bd8426dbe6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a2e406f08a2f3d4f1039522546a16478

SHA1
91eb4d674e4d89776d0c046b7977cbdc0d329bee

SHA256
9a8eb989a3b74b78ae963bbf826e86817bb47512177cd8787ed960e9daa6f984

SHA512
43dcf4289272fc154408561cc3720131df57e20f474bff65e15aefa6faf4ec27157678aeaa3955c7b1eb8ced4e37115aad4ed5ba5051dda04263774c23485b62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
67ee9cde36a4d645441d2be7a30662c5

SHA1
2e2282c5735e4e795cb270692fdec774425ed6ff

SHA256
cc190f99f3798c7c4388d66d6090f23fe8c2791c49723c55c3f5c0613c368820

SHA512
ea945a648d284ba3c394f48653d1aa317664ee2490b3f568c071927fa7cb44e7a05efb1327c01302c11515deb6e955b31d0ae747fbd8041dac1180d3783e5d41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
313db05e160ce8fe36c075587d5192ba

SHA1
8930cb3ad9c0b0105359a8dc4324e29a10cfb6c1

SHA256
e3304bf50e142382070c409848ce63c723b928586ccd59cb6281bae185cf5f2f

SHA512
5d483b93bfe204be523c72d85f0541d068e332a2a010efd4c97efe4af91a8c9710a907610133115ab01aa080d4aee97a1a438ecfe3dcd330b17042855c8a43f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
d875f4801addcee705cf190015a0ab95

SHA1
a3ec54277e6993e3e026ec0c240dda293ec4ecb7

SHA256
22b8644c9c80a7cc3401afcb6ab3ae3efb8a3f460e10c1b66c41d815f04b7782

SHA512
8e9cb013a0dde4d52f2553d197ac129c4005c0400f906fc3a151170bb753b33fa8c90b868b924f79e5306cbc57c2b642158d1ff7e017e85344cd64fa18ce2d27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\pending_pings\2012e1a5-3ba8-4e6c-9ff6-8675ac530b6b

Filesize
982B

MD5
51d41b588980183f12baf385294485c3

SHA1
0e4482291cc308ef5bf19f94649d7f21f4ba4ea4

SHA256
7e29a1d692723cd0c114f14d322429bc7da01011094bdce583bfcf21902fdaf6

SHA512
e6dabaf667ee73109fbf244b2913f95104d1df0ced8fa61c402b587d0e1c850953487d91c421bb6ddee4d75ad4d8f5151b1cca7b6049c8a86e38afcdcda766f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\pending_pings\c4dbeb39-d8aa-4273-9854-657ec278061f

Filesize
671B

MD5
88ef98877320092a7b366d93ec3be265

SHA1
d716d4e874810df4b671a45181338eb4e19e16e2

SHA256
9d48624d038ba7fc6c987fe513270b7eaa5a38ead135c6a61291cafa5fa0e5cc

SHA512
805bf94babc20817edc292a868996483920586ed07c3a94b20554725bdc4a2867beabe41f674d9b315b0d728bb771f90dd7c67246c88d77a4bc03fe3b3fa5c7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\pending_pings\f44890d7-f950-4a6b-8c07-650292a1b9bf

Filesize
26KB

MD5
f95aa6f1810a5c55a770e9333c859ee9

SHA1
f3aa456d70fbebf85839fd2b09c50efcdc01cbf7

SHA256
9afd6d1ec77654f19987fffe26f36dc7a50f17d381f8ffa6540adb515a4b9b4f

SHA512
d73de3aa80a4fe1e0840e04789517728f1eef5d08f7d956e813cbb6c60383310d1d8580ab639cc83201f6758a744f36589ae052a29ab6456122c9c6cff7c04a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\prefs-1.js

Filesize
13KB

MD5
d5fb0fb60cd34d03cf100853c46ae2d5

SHA1
ccdbe96c80e20c8e847340ec7f5dd195485be449

SHA256
7e6e6436af3d4fe035a75917a6413ae159f4703db9e2bc63a73f4e90665cb90b

SHA512
76ff00bd6aad372f66dea95923df4a7368c33c84f5031a3dfa0462b02f1d1be7e5aa695701d0665f68d50f168f16401913db819dc2f90d805c9946af07f4cc06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\prefs-1.js

Filesize
16KB

MD5
42abbc452fdd100cc6de9e9a1cbf5bd1

SHA1
78b45536dfa805ac4109351e2dcc0c54c58239f3

SHA256
c8b89c0acbf661b8c048e6bd262badfac91dbcafae4cfbec830ff507bb39220c

SHA512
8f1524dba1e0c2285042637d58e9727148379acc8afc37ada778323f9f6917a0cb01ca7f5741b1eaabbc6944107e325a66ca333bc8742811123d611c96d2b21c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\prefs.js

Filesize
8KB

MD5
236c875cdecd41acaafb5a2472ddc441

SHA1
c3fea0d72cccd0b31b47ad82c740c96d076bd1ea

SHA256
2a8e09a15e9b2c57cc82b46103f90dd64d60fab049a706145a57983b682dc020

SHA512
e6636a98acc56b63ec2c8e97fcf34fd841e0ccf3cabf0c7be79bdd5716c3824e71ded18e673e1d44b985fcca43f55486f926edbdc4909037293dcda5f0986d3f

Download Submit