400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
26/07/2024, 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
Size

1.2MB
MD5

7af7da2870b9acfbcd9f440466097ae2
SHA1

892f6f095b611003f842eda8c57ee8bdf50bcb72
SHA256

400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3
SHA512

72d05d4683299fda6d801660d07d77300b15370d556b14f794abadb5744e627163242c4efda567388a0ba2429abff834652fcdca3233eb143aca1919b530628a
SSDEEP

24576:3qDEvCTbMWu7rQYlBQcBiT6rprG8aLw2Sbly7TWEPje:3TvC/MTQYxsWR7aLw2dW

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4544	firefox.exe
Token: SeDebugPrivilege	4544	firefox.exe
Token: SeDebugPrivilege	4544	firefox.exe
Token: SeDebugPrivilege	4544	firefox.exe
Token: SeDebugPrivilege	4544	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4544	firefox.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4544	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4140 wrote to memory of 4380	4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe	83
PID 4140 wrote to memory of 4380	4140	400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe	83
PID 4380 wrote to memory of 4544	4380	firefox.exe	86
PID 4380 wrote to memory of 4544	4380	firefox.exe	86
PID 4380 wrote to memory of 4544	4380	firefox.exe	86
PID 4380 wrote to memory of 4544	4380	firefox.exe	86
PID 4380 wrote to memory of 4544	4380	firefox.exe	86
PID 4380 wrote to memory of 4544	4380	firefox.exe	86
PID 4380 wrote to memory of 4544	4380	firefox.exe	86
PID 4380 wrote to memory of 4544	4380	firefox.exe	86
PID 4380 wrote to memory of 4544	4380	firefox.exe	86
PID 4380 wrote to memory of 4544	4380	firefox.exe	86
PID 4380 wrote to memory of 4544	4380	firefox.exe	86
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 4680	4544	firefox.exe	87
PID 4544 wrote to memory of 132	4544	firefox.exe	88
PID 4544 wrote to memory of 132	4544	firefox.exe	88
PID 4544 wrote to memory of 132	4544	firefox.exe	88
PID 4544 wrote to memory of 132	4544	firefox.exe	88
PID 4544 wrote to memory of 132	4544	firefox.exe	88
PID 4544 wrote to memory of 132	4544	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe
"C:\Users\Admin\AppData\Local\Temp\400b769a1c6961377e7935e4f9192af7f0c62d57166e11a031bc13f03a8234a3.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4544
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1756 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8c1c83d-3a7e-4734-a220-dc8d47da9008} 4544 "\\.\pipe\gecko-crash-server-pipe.4544" gpu
      4⤵
      PID:4680
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2364 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8a4b91e-306c-43fe-a223-309c2f2e2957} 4544 "\\.\pipe\gecko-crash-server-pipe.4544" socket
      4⤵
      PID:132
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3084 -childID 1 -isForBrowser -prefsHandle 3260 -prefMapHandle 3052 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37694c9e-0875-4cc7-ad14-1a8f3536687b} 4544 "\\.\pipe\gecko-crash-server-pipe.4544" tab
      4⤵
      PID:3148
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3372 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3660 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a76101c-5b5f-40c9-ab94-3c0bd1a7db47} 4544 "\\.\pipe\gecko-crash-server-pipe.4544" tab
      4⤵
      PID:1616
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4808 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4772 -prefMapHandle 4768 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71cccd4d-2d73-4992-8c13-408ec941e034} 4544 "\\.\pipe\gecko-crash-server-pipe.4544" utility
      4⤵
      Checks processor information in registry
      PID:1888
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4936 -childID 3 -isForBrowser -prefsHandle 5400 -prefMapHandle 5584 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f55a1275-b10d-4f4d-aaf9-54b88eb6bf3e} 4544 "\\.\pipe\gecko-crash-server-pipe.4544" tab
      4⤵
      PID:4000
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 4 -isForBrowser -prefsHandle 5700 -prefMapHandle 5704 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db9aba8c-fd80-4601-adab-c663ba96f08f} 4544 "\\.\pipe\gecko-crash-server-pipe.4544" tab
      4⤵
      PID:1408
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5992 -childID 5 -isForBrowser -prefsHandle 5984 -prefMapHandle 5980 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ccf2d28-c417-4cae-9ad2-f24534e7bb90} 4544 "\\.\pipe\gecko-crash-server-pipe.4544" tab
      4⤵
      PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
8a87879b8769dace8464a844d4d04b56

SHA1
67cdcae6f6ac222a98a0104244bdb7065ec56d75

SHA256
4b70b08806cb3847ba8e142af58679d13e30c56c53ac9989397ed35f64e580e3

SHA512
56fb3b77b4c72b1910368bf5b328625297aee8678a318233864bd56b607218d848ec1426302d8ab7d5b3e6c0bc46914b97b072f17f29d850592b46d10a86edd9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
88d64bbee819ae64b2b8263524e1d1d6

SHA1
51473fe377ea21f6d7647f39c9eb72c327885b88

SHA256
4bf6bf829b30c5fc9da1691b60bf8cac53c2a78217d31508a0c70b682f95e8df

SHA512
72fce0439ad0926e1feadbbda37e3a99cb52fc2dc498cf4188ccc8de17ef9e094959a0669ea81e693a2b3c8bd16d142dbfdf63cc2d9e1cee5429309c61b97d7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\AlternateServices.bin

Filesize
8KB

MD5
817678e0967af584a78313d58f7dd716

SHA1
2035353470dd04b529af161a00891d78982fdd54

SHA256
837599d0572db984e7733a7513c2f48e602cb9f4151f207b0f4446968b391836

SHA512
49babf40a5241eaa76abb949830b012d3a49d779e86e7b197056e50c7d0c0075072747392c5949f6e1fefd3eb74e19852e558af64c1428699bb9f8874be87d11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
bc669badc101a0ad989232bda4502507

SHA1
2535ce54d6db4dba8d561aa85834e3926e59bfc1

SHA256
ba21378fc3efb49902d7a1d329d45d5a2eb6c51eaf47b23e6dddcb200de1a3bd

SHA512
a7c2f296c191412a8f4cbf25854414bbd55dd9821c90c5eb49e9ebff8c2dd1469c557830e6ffae34c9ab589119200837aaa5f5f7db893e993bd6b0e62bf30eb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
66a5158065c7b3a8936baa6eafb2b8f8

SHA1
6a3e8eed436fd9c6078a09f1e8aa57ee8c7a22a6

SHA256
b8150e79827c099d91d244e908f345e2e0b8a3a68ed72f949e7ad4257cc3bcaa

SHA512
787634f53064ebf1b0a85d3d14ca586a3398877e2e1cc359256f90f6f5a7f26cadffcb555469d80863b77ded116c74847137c1234f4785669bac63bb50154f86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
cfe8061bef94376d2b9f388230503320

SHA1
33104ebf7817e3dc7a57248791835db4474230f4

SHA256
ce763c452384eba7d8bbbd93fe09b52124b2d0dcafb233b133a51bf1d1a04448

SHA512
47a22ceb223f930c87200ca17448a5866b1e1097c36aaaf60da367690d79afba3b8d75cedb5df6667d8e43376c0301b911e543c03cd0c0abcefde187e2902477

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d06b62964676f96a026ed4192f7620b1

SHA1
8305efbae46cb36f4b3937da5f2ed802d393766c

SHA256
a73749f54591febc250d60dda6f69a06d4044da68e4f47ee7f49ffc99e00f7a6

SHA512
1318f4a80925037e1e1138f447395b6d1ecb7879254d926f31482978a69f579323468ad9422517db175de5f4e3e1bd07668a299d0efeb59e64b25d748e4866ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\5b88259a-4a15-4356-b507-2cd1caddc885

Filesize
671B

MD5
db542b69883f6acb85fda05460424675

SHA1
0a04da817e42a2a18f991a96137e10970db82c1e

SHA256
d5536374b15a20baa1f57cd1c098c32558275688efe502f3f0dad8832e0df54b

SHA512
329076e100aab6a3a159726d79e759971fc38d1220c16084dfcb918b0d08e5d8ec41b8495c3aca0a3ca395f33473658f2f1573b5ba11941fcd72d8f54e0f6b9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\be5b7a75-934b-42f1-a1db-e3930527c2c2

Filesize
982B

MD5
b58aacbde6cfc8b4442161bac7260b68

SHA1
46471eec71063231e695517635215772ed897101

SHA256
4537d60ee8d53899aa4afb324b89243ee78c0ad5dc88af2e23cf3b961a19eb77

SHA512
d51db65af2f6706fdeb78e5769e103591540f74c36ccb60ae267120f266ac6d784d7391d618454a3c39af32654e3d9e710912d15b771a45df1a83a133d7d4eae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\bef44a5b-86c1-45e9-82a7-51769e3d8e4f

Filesize
25KB

MD5
54d7ca5fd9c89dcd802513026681fb8d

SHA1
53f5daa5294da089a0b52bc9cf1856490e4b6483

SHA256
af4e1b27a07f5a6e1e6c2a7eb06e8270c561bfe50de58b89c08627b42680e4a7

SHA512
d658c40eb26504743b778afcbb0438462e541310b79dd202e75fd14b9cc8724d26411f7e38654403b4f1178706cffe51527bf691290c07cf4205d41be680c816

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\prefs-1.js

Filesize
12KB

MD5
68072cd7759d302d18e9a93eb39e1cda

SHA1
64662eb419b5fe61c1047970446991938da5c5d7

SHA256
1c6552803a1183205aa7ce5a69820ad9a433e52960fd0c0db02ee40dcbc97a4e

SHA512
02b88f709786e19f2a6cc9fcf270d4cb1424ff7c0b01c53a1b729c7564d07b56e08da25131ffaff914e22cbc2616ddcbed03762eb3ffc6fdbd929e90d4e83646

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\prefs-1.js

Filesize
11KB

MD5
09f26636dcf6fadecbb9c53f31d65106

SHA1
b50479be631f87917874bf330851539d29f08783

SHA256
2a642a9669500854fb4ec1f7ef8149d944a832b36b7d48769235fe66ea27bfd6

SHA512
9e2785e7595c47d446fe9e3c402269df24c5f27fe79bea1dfdf34097fe3af4947cf5c8174bae3a16e219e127e56b1a5bac2feca47a2d668409e7aef98f8898a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\prefs.js

Filesize
16KB

MD5
649639847b09d5924d9843d67c5e280f

SHA1
59aae99301b5c78a498b9025a3a3a5c136e46af1

SHA256
d8b803e2e4a90893f3d1061c1e85f6324c47fee19176809822650095727654c1

SHA512
bf4cb17612dc3ef3333f96584d29a86274edbf0cbb22767b807e725f167b08d3d5e34462199da404d8ec7c7ab2e43b142a149c7f9e2c1f2924c5d5eef57fdda2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\prefs.js

Filesize
16KB

MD5
a16073a1af322b8052a39382caf3a65b

SHA1
ac72ce528cd20290496e4a408720483ec7f191c6

SHA256
918d624dd6f2d66c9c1ef0eb6b417533745b54f85fb6609ecc3e29f1fb962de5

SHA512
7632a90587b000700b6bd1ba36f903f5abbf0ed2da4473a785d8203bc420d8a05aa7fb7175ad1eb56be3c04fa3de32059985282549cf432e50f6930c637249c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\prefs.js

Filesize
8KB

MD5
ca025e69407c8890df7d270a313bfc4d

SHA1
d28918359223b687058dd95fb947185e4d37294d

SHA256
e4aed87049caca95ed45f288020738a0d85a9c0c47d6761c98144cbff2c7c100

SHA512
dc7e480f9f0029cd693a4d2b99f32b73b49446b5b1a49261a01609e975f76827b0d4844312bcc58144d38896f83100a4da1e2f5c3fbef9f612ec3fa7903d4300

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.5MB

MD5
3a59ce2b8bb4ceb66d25101fd5a0bbfa

SHA1
48717ee7aaddf0ddffbca81b0d1c39412067c145

SHA256
81c3158e5733d6dd082e8ff5001233ed0a6b706f589110a261f904854aca4ba6

SHA512
4cf792dd3431b69cf2ef99433029b574164ffce2c3bd90b91970ae889647685497a2915d82e5e5d6f6cd4532adaafd2dd9eec3394ceb19353f57a29c6ea0a77e

Download Submit