0131731a833f32b45fd785d14c575556fd1699197a2ee57c003377337eaa539c

Analysis

max time kernel
71s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 14:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Electron V3/ElectronV3.exe
Size

36.1MB
MD5

431a28dbfb0f836dd397171b25f5377f
SHA1

53adc7668422d7227d30b5f3965611101504622b
SHA256

b9d21bcf27f3d50b078ebe91eb9cb68d4887ffc9a2d2db3e9c5eee8b3bf9a114
SHA512

632ac8ca6e2583d1c603f90933f7bb3a74248c65ae86144935a2aaaff0a969b0fe9f87bf9aa63d5dee1f9070b275de5146069f713d8303d8f2de869ac8e3ee55
SSDEEP

786432:29AOQ7KKj1YqIdryuIjHNOgi5Q3DyKvIjjk9+0/pW/C0canN:YAOQGKjSqMhIjHNm5UtvIsASaCfanN

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1136	ElectronV3.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001c88c-129.dat	upx
behavioral1/memory/1136-131-0x000007FEF6290000-0x000007FEF6878000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2352	chrome.exe
2352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 1136	2552	ElectronV3.exe	30
PID 2552 wrote to memory of 1136	2552	ElectronV3.exe	30
PID 2552 wrote to memory of 1136	2552	ElectronV3.exe	30
PID 2352 wrote to memory of 1468	2352	chrome.exe	33
PID 2352 wrote to memory of 1468	2352	chrome.exe	33
PID 2352 wrote to memory of 1468	2352	chrome.exe	33
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 1664	2352	chrome.exe	35
PID 2352 wrote to memory of 2104	2352	chrome.exe	36
PID 2352 wrote to memory of 2104	2352	chrome.exe	36
PID 2352 wrote to memory of 2104	2352	chrome.exe	36
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37
PID 2352 wrote to memory of 1236	2352	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\Electron V3\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\Electron V3\ElectronV3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Users\Admin\AppData\Local\Temp\Electron V3\ElectronV3.exe
  "C:\Users\Admin\AppData\Local\Temp\Electron V3\ElectronV3.exe"
  2⤵
  - Loads dropped DLL
  PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72f9758,0x7fef72f9768,0x7fef72f9778
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1212,i,2511397435555135804,8169520653062215346,131072 /prefetch:2
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1212,i,2511397435555135804,8169520653062215346,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 --field-trial-handle=1212,i,2511397435555135804,8169520653062215346,131072 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1532 --field-trial-handle=1212,i,2511397435555135804,8169520653062215346,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1212,i,2511397435555135804,8169520653062215346,131072 /prefetch:1
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1212,i,2511397435555135804,8169520653062215346,131072 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1336 --field-trial-handle=1212,i,2511397435555135804,8169520653062215346,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 --field-trial-handle=1212,i,2511397435555135804,8169520653062215346,131072 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3844 --field-trial-handle=1212,i,2511397435555135804,8169520653062215346,131072 /prefetch:1
  2⤵
  PID:284

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2264

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2076
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.0.1948462848\814723655" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a13d65d1-c6be-4c16-8a21-42ed48914d3c} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 1280 45d8858 gpu
    3⤵
    PID:1420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.1.200322043\584970974" -parentBuildID 20221007134813 -prefsHandle 1468 -prefMapHandle 1464 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15bb1e35-fdb7-4d32-b7be-a7b76aed048a} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 1480 e71f58 socket
    3⤵
    PID:1832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.2.1352847544\1049559163" -childID 1 -isForBrowser -prefsHandle 2060 -prefMapHandle 2056 -prefsLen 21031 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45d101e8-8419-44fd-aed9-3622fb5c2449} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 2072 455fa58 tab
    3⤵
    PID:2908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.3.1109407613\553573843" -childID 2 -isForBrowser -prefsHandle 692 -prefMapHandle 1620 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d1795b3-1f98-4029-83f2-c2dc6a910ea9} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 2480 e70d58 tab
    3⤵
    PID:1412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.4.1069849035\1965084998" -childID 3 -isForBrowser -prefsHandle 2804 -prefMapHandle 2800 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed577d85-bade-43b8-a399-40ee9ebce2dc} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 2836 e6e558 tab
    3⤵
    PID:1944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.5.400072839\1163451939" -childID 4 -isForBrowser -prefsHandle 3448 -prefMapHandle 3856 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68d68642-7a0d-4455-90d1-a5ccac15d04f} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 3884 e2d858 tab
    3⤵
    PID:916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.6.1641169026\1977120894" -childID 5 -isForBrowser -prefsHandle 3988 -prefMapHandle 3992 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54a91a6d-f311-4b3f-8bff-9d3be3076f2a} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 3976 1ffba658 tab
    3⤵
    PID:564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.7.1094921830\1908811503" -childID 6 -isForBrowser -prefsHandle 4168 -prefMapHandle 4172 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7ca73e1-5ef5-4ddb-bb79-a3a261c4f926} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 4156 1ffb9158 tab
    3⤵
    PID:2748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.8.157693328\627342555" -childID 7 -isForBrowser -prefsHandle 4448 -prefMapHandle 4440 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dc1df29-1492-4e71-b211-5c110e59e22f} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 4460 1e3e8758 tab
    3⤵
    PID:348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e8fd27d07583fcba57edd6a189f73f11

SHA1
b3250ee46b7bde914ef551e5206f8e8c0489c036

SHA256
5d3b4beaa338c45614645842029b0a88e9f2c77f7e4c45a940b15204141a0cc0

SHA512
0e2fdace63a7771c7f77958205a92fcf49ceff85d030615e3dd948a3ad0066ef61a92f58213d2d10959f8bd8a56d3f7d9a097c4d415ca09d7cc87f335e888429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
47a50a5e5cfe500e40014dec549aed54

SHA1
0c5c524f85b82ec01ef54ab23c216529803be056

SHA256
d0c991fd057b9b33dcd43fb920f050da26f2e27824f98ae5a493f1986321f615

SHA512
6db3adec42eb1754e9c315917f7165f03cbefb08f3a9ce9578ef0cfdefd450993de55e734153c05214323c2b126985e2039a326b37bcfbadbc3f37aa76873533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
ea6c7d6a6b4d2ca3fcebfd8b1b81f8fa

SHA1
90d58a01ec3d0372c58116bb4fa021e8312b3faa

SHA256
2b8ca4d771ead5734e6a88ef63bf5e87033cb94f4afc856ba21137e3d59c477c

SHA512
8c7cb497ca1163d8b6887f3d4c5f00194efa60505a4838ac309f7b64544f89db6543ca9615e60079d37ed9b0a603f61b55efa73b0114c23c1da756880eb6b90b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6987e338448f23a606c78efecbbbc6ad

SHA1
47469ea165b0db874eadb49c9e3f870c65879744

SHA256
5046c74d1d0dd4401cda8ffed5b7170b29927fe90a15ea3f8b2cc93d2807b816

SHA512
e5048e5ff0adf3bdbfc8a90b15a4854b4659cf75f0e8181754d38253822c24f7f6c978719709734d228021dc8cb62defd60b0c088dbcd5bb7047226c864819f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1130bdc05dff462b20cd75f58d863091

SHA1
fa592ca5950a7016ae84b9354121e531f76c958e

SHA256
e18b9a2cf57085e7b1018e5b74f609ba9ad3abe6d4774b2b6d9e563f25a21954

SHA512
2728d424d26dc54739d0dec4c55d89bcb10a4c162274a6277157e748db00383512a6ff45b34cf5029474b9588e139b33a8dbc0d3c1ae153ec6ee62a7da1fb192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
73908de263639655b4eb0f78059b226d

SHA1
57e01351526b3562ce09ad7303d71c2e663a602e

SHA256
1b8690e8cae27c610d32d89dec7af246f01ef3b3bd38bdc70146f72c1e0ed077

SHA512
93e7291f1816edf057e5268f9b71009e61830bf1c312dac088662483eb70b79c7a9146946b6eed9d03d4c1ae9e1d864d45938593f3eddeb1fe57962c2fa545a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
abce8c3392aeede9471fb8fa1f5fb05b

SHA1
f27a7811fc72b2b6c0e156ac99406ab8ee2f98fe

SHA256
6c2fb29137ffcf34d1da1816fe058e07d7d7660c3838a397cf79b8222de08401

SHA512
45bcda8de50e9da761f3383250f0557ed1bdb56afc5320c343ac0a42280d17816c06ffe2fff3cb24a538835e7b32ed513b4124e68fff2b81d018a414115f5d26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
311KB

MD5
56f275765c085d415e8f5ec32e5b0dd3

SHA1
726b81c604240776ae05fbf44b40c2065c500ff2

SHA256
232ccdde6fa0642b085056a040c51801f871e8ed8c1853db44f2599bd52e0bff

SHA512
0381ddaa866e3291ff31d16edee519937bd994355273d39ceb8142ca3c55d54fcd73bc335e976ba74c1938ad613a7712500ef75cbbdc78198773722cec0cf495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cfc99ea8-420e-4fbd-ab78-997b0bc2a61b.tmp

Filesize
311KB

MD5
44e6c538c2848e34c55e8d333f788683

SHA1
157f6d9c1727f84bd4508bb4102bdddbe2c89825

SHA256
0f51e40843b40804ee77ddabd87c08a91b83aa46499c53bdf54504c0b6c04a68

SHA512
bbab278054dca3393782b31666697cc61f6a1f2faccfddb912f251e6f8e6f5ca9c344a9aec5e6381af0eba245b14cbccf31d69f62473cb64ad0ff67a95547353

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
e358c15f8bc9e23e03862fef338c8153

SHA1
254750466f3405738e5158cab4bdd1dcaa4c3871

SHA256
2b4260dd8ddba5494c47d7dfabcd8ee4bf0eda4a8381680279eb205c57262b1c

SHA512
6e57a0965a10690882fd28b7f925761724b1d2498ce8426b4a32d86ca170aaf48f0cf7228de89182dc4105b5a3f064dacf048a5ffdc939d533afb8feb0672546

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\F75BA6605419C72342396B10D508B5A64910E75E

Filesize
32KB

MD5
bb8b0f2fc71dd5aa05520449c7c411b3

SHA1
61eb6c59a98d83a1932540faeeddd50017ae3b76

SHA256
e044b070425e0a63e18bee4574841aba9040f9f3430928f67b61f2714eb44431

SHA512
03d03c24197f5969b22f8382049cd78d785248ee09b6a4aa580ecf73b75e9a2a5182f5d34fc25c94aa5957de408cbd24bef6e84d4120694dce87d5c58dfe8102

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\python311.dll

Filesize
1.6MB

MD5
4fcf14c7837f8b127156b8a558db0bb2

SHA1
8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

SHA256
a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

SHA512
7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
d11133c0798364aaf0a591b01a9cdf13

SHA1
977411139d86193b6a657e94ad301a0e8b77cbcb

SHA256
493d9725cc728611bde7523d4b6dd216033cb99892b413c4d8630cae14da387d

SHA512
81eb31ada6c4bce85ab623a4254ced718a02da5ed5bccdb0ab792aec68db98d5c8421a3c14de94f9f4c03a2e8c138caf1673a6ea71ffeb339e52e63e9f34668a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\datareporting\glean\pending_pings\8fc771b8-1307-41e2-967c-e1522ffe7f01

Filesize
10KB

MD5
d67499f14b268be3c24c6a0ec7a646d7

SHA1
f33057f98f9cda3596fb7f4a37b69bb3767ad0ed

SHA256
b4b4ef9c5043e19f97454e9e3116115e6dd85bbdae1f74e1f6b1ca7fbbe64da4

SHA512
d5dfd4edb40fbf3849b7db9ae540cfcdca82809e25b3f574af153adf32c5c309d58d4a15f52d15a365a84ed24719a41131534bc05424a95629e4d52a4aa1c35e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\datareporting\glean\pending_pings\d7bf6e63-4c1e-43a5-ac05-30aa31f38352

Filesize
745B

MD5
d2fbdce6bdb4bcf8034cddc11ae77cf5

SHA1
dde8faa2a25f231af7c9bf240d0a19814d789c60

SHA256
af124a9696478fc6059a6e6c8515576d1397e8cbf68942ecaf9109f9cbbbc07c

SHA512
490a65f5dbbda5e1b4cd9e6f34c91302c0d7b61c3e01110a2e4ba1aa1ddd3f20a19d15c6c0a26b4dcae76e56a915006193da9fd911d1e0986e86ccf660094209

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\prefs-1.js

Filesize
6KB

MD5
dcdbda8f224b48d9f12855fc16c380ad

SHA1
07526217c56085abd5d8231b1970f764f49680dd

SHA256
8e1a568ca59e133b1d0fad8ba915bd5ce777a1b0262f6ed9f26ef04a8db9f768

SHA512
fc44c4d415fef2cea0ccefb8c4be48ace829768bf2504e42f158c4842b2a38c08ccf2d09a77812471a13544e9d04e82fea84e7f641e793230f549754e13c1a7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
14923caa84a20b7d96b0762ed6b18808

SHA1
80c9464443e57c898fee7cd8bf473ea1e82d64b9

SHA256
f73ee9d40ba00c6e6a9cfd6b33d5efc0201efee27ef20e5b5499df1cfd0bf236

SHA512
f56d4821eccea94a7ddd8d073d9cbf282ef5daa5df37ad6f3f59513eb413195586c25759cc067788078eab21ee55fe578dcf52db6086f63d42240c43a8bc9acf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
7a6f4e26de58fcaf7653a32e4f52610f

SHA1
7cfff78c24b5815975978630c33b2ce2a09f59db

SHA256
0c2f949f5bfb6bbe9deffa5c8509d9245e2d686069947b6e141f78151a832943

SHA512
b5764eb689337bf12ee0efb82f28026435b0b61be92cc6d2013346f7fdf07072e6d53ce70b46cd7cb238a782025aec73d96c67624218a8e177dbf0e3c9e026ad

Download Submit
memory/1136-131-0x000007FEF6290000-0x000007FEF6878000-memory.dmp

Filesize
5.9MB

Download