Analysis
max time kernel: 65s
max time network: 262s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 01-08-2024 22:30

Tasks
static1 (static task)
behavioral1 (behavioral task): sample 009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe, resource win7-20240704-en
behavioral2 (behavioral task): sample 009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe, resource win10-20240404-en

The platform and resource lines above (windows7_x64, win7-20240704-en) identify this page as the behavioral1 run.
General
Target: 009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe
Size: 89KB
MD5: d9cb86f07f84abd7359a4b51371db020
SHA1: ca4b6f262aa3794879759baa0e775ea311f3e74c
SHA256: 009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8
SHA512: a4646fb436e82a595609230a25594a20bcfc2febba022758c7c618221a7716093933aac70f0ee7fadf708db8eea25b4fab17c3c7953ffb6dee596422791bf01e
SSDEEP: 1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfoxfigOq:Hq6+ouCpk2mpcWJ0r+QNTBfopD
Malware Config
(no configuration extracted)

Signatures

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe

Checks processor information in registry (2 TTPs, 6 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies registry class (1 IoC)
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_Classes\Local Settings | firefox.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | process
1620 | chrome.exe (2 rows shown)

Suspicious use of AdjustPrivilegeToken (64 IoCs shown)
description | pid | process
Token: SeDebugPrivilege | 2564 | firefox.exe (2 rows shown)
Token: SeShutdownPrivilege | 1620 | chrome.exe (62 rows shown)

Suspicious use of FindShellTrayWindow (38 IoCs)
pid | process
1620 | chrome.exe (34 rows shown)
2564 | firefox.exe (4 rows shown)

Suspicious use of SendNotifyMessage (35 IoCs)
pid | process
1620 | chrome.exe (32 rows shown)
2564 | firefox.exe (3 rows shown)

Suspicious use of WriteProcessMemory (64 IoCs shown; the report repeats each parent/child pair once per write, collapsed here)
description | pid | process | procid_target | rows shown
PID 2028 wrote to memory of 2396 | 2028 | 009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe | 28 | 4
PID 2396 wrote to memory of 1620 | 2396 | cmd.exe | 30 | 3
PID 2396 wrote to memory of 2404 | 2396 | cmd.exe | 31 | 3
PID 2404 wrote to memory of 2564 | 2404 | firefox.exe | 32 | 12
PID 1620 wrote to memory of 2292 | 1620 | chrome.exe | 33 | 3
PID 2564 wrote to memory of 2696 | 2564 | firefox.exe | 34 | 3
PID 2564 wrote to memory of 3056 | 2564 | firefox.exe | 35 | 36

Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
(depth in brackets; the flagged signatures follow each process)

[1] PID 2028  C:\Users\Admin\AppData\Local\Temp\009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe
    cmdline: "C:\Users\Admin\AppData\Local\Temp\009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe"
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory

  [2] PID 2396  C:\Windows\system32\cmd.exe
      cmdline: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8334.tmp\8335.tmp\8336.bat C:\Users\Admin\AppData\Local\Temp\009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe"
      - Suspicious use of WriteProcessMemory

    [3] PID 1620  C:\Program Files\Google\Chrome\Application\chrome.exe
        cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
        - Enumerates system info in registry
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SendNotifyMessage
        - Suspicious use of WriteProcessMemory

      [4] PID 2292  chrome.exe (crashpad handler)
          cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef74d9758,0x7fef74d9768,0x7fef74d9778
      [4] PID 1172  chrome.exe (gpu-process)
          cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:2
      [4] PID 1804  chrome.exe (utility: network.mojom.NetworkService)
          cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:8
      [4] PID 1408  chrome.exe (utility: storage.mojom.StorageService)
          cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1484 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:8
      [4] PID 864   chrome.exe (renderer)
          cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1996 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:1
      [4] PID 2664  chrome.exe (renderer)
          cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2004 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:1
      [4] PID 660   chrome.exe (gpu-process, SwiftShader)
          cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2256 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:2
      [4] PID 3620  chrome.exe (renderer)
          cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2948 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:1
      [4] PID 1628  chrome.exe (utility: chrome.mojom.UtilWin)
          cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3608 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:8

    [3] PID 2404  C:\Program Files\Mozilla Firefox\firefox.exe
        cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
        - Suspicious use of WriteProcessMemory

      [4] PID 2564  C:\Program Files\Mozilla Firefox\firefox.exe
          cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
          - Checks processor information in registry
          - Modifies registry class
          - Suspicious use of AdjustPrivilegeToken
          - Suspicious use of FindShellTrayWindow
          - Suspicious use of SendNotifyMessage
          - Suspicious use of WriteProcessMemory

        [5] PID 2696  firefox.exe (contentproc: gpu)
            cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.0.355088090\1200856759" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1216 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {583fbbc8-6ea5-43ef-8745-9fb61d9e7a0e} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 1296 11dd8058 gpu
        [5] PID 3056  firefox.exe (contentproc: socket)
            cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.1.1892755261\1908081648" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e0b2473-2909-4077-a05b-87842e7aba23} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 1500 d71258 socket
        [5] PID 1508  firefox.exe (contentproc: tab, childID 1)
            cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.2.539644549\53316171" -childID 1 -isForBrowser -prefsHandle 2044 -prefMapHandle 2040 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aa1d93a-25d8-4dd5-8626-f41fe9b961d0} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 2060 19ba1a58 tab
        [5] PID 2936  firefox.exe (contentproc: tab, childID 2)
            cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.3.1203483728\427415412" -childID 2 -isForBrowser -prefsHandle 2604 -prefMapHandle 2600 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {448d78d7-491d-48a3-a731-1f17787231fa} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 2616 d61258 tab
        [5] PID 3272  firefox.exe (contentproc: tab, childID 3)
            cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.4.1793075907\17079015" -childID 3 -isForBrowser -prefsHandle 3932 -prefMapHandle 3872 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdba3f81-c8e3-4795-aab0-5ce79b7e4d01} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 3692 1e509b58 tab
        [5] PID 3280  firefox.exe (contentproc: tab, childID 4)
            cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.5.908144681\986070634" -childID 4 -isForBrowser -prefsHandle 4044 -prefMapHandle 4048 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57a815d4-77ca-4a4d-a04c-40086d2ef622} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 4032 1ee16958 tab
        [5] PID 3288  firefox.exe (contentproc: tab, childID 5)
            cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.6.282649745\892706663" -childID 5 -isForBrowser -prefsHandle 4200 -prefMapHandle 4204 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6f18a80-64f9-4e12-848f-1711a39974e9} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 4188 1f58e958 tab

[1] PID 1896  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    cmdline: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

Notes on the tree:
- The sample (PID 2028) runs cmd.exe /c on a batch file at %TEMP%\8334.tmp\8335.tmp\8336.bat and passes its own path as the first argument. The batch contents are not shown in the report; what it visibly does is launch Chrome (PID 1620) and Firefox (PID 2404) on https://www.youtube.com/account. A .bat inside nested *.tmp directories under %TEMP% is the layout produced by batch-to-EXE wrappers, which unpack the embedded script to a fresh temp directory and hand it to cmd.exe.
- The image path is C:\Windows\system32\cmd.exe but the command line names C:\Windows\sysnative\cmd.exe. Sysnative is the WOW64 alias for the 64-bit System32 directory and only resolves from a 32-bit process, so the sample is a 32-bit executable running under WOW64 on this x64 image.
- Apart from the NLS\Language read by PID 2028 and the WriteProcessMemory rows for PIDs 2028 and 2396 (child-process creation), every signature is raised by chrome.exe or firefox.exe child processes: the CentralProcessor and BIOS registry reads, the registry-class change, the SeDebugPrivilege/SeShutdownPrivilege token adjustments and the FindShellTrayWindow/SendNotifyMessage calls are ordinary browser start-up behaviour, not sample behaviour. The "Uses Task Scheduler COM API" signature lists no IoC and is not tied to a process in this report.
- elevation_service.exe (PID 1896) is Chrome's own elevation service and appears as a separate root process, not as a child of the sample.
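The flattened WriteProcessMemory rows and the process tree above are the two pieces of evidence that matter for triage: which process is the sample's own descendant and what the dropped batch did. The following Python, added here as an editor's example and not tria.ge code, rebuilds the parent/child tree from rows in the report's row format, then applies the one detection that generalises from this run: a %TEMP% executable spawning cmd.exe /c on a .bat nested in *.tmp directories under %TEMP%, and the browsers that batch launched. The row text and command lines are copied from this page; the regexes and function names are the example's own.

```python
"""Rebuild the process tree from the WriteProcessMemory rows of a sandbox
report and flag the dropped-batch launch chain seen in this run.
Added example for this page; it is not tria.ge code."""
import re
from collections import defaultdict

SAMPLE = "009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Constructed from the "Suspicious use of WriteProcessMemory" rows above,
# one line per distinct parent/child pair (the report repeats each row).
WRITE_ROWS = f"""
PID 2028 wrote to memory of 2396 2028 {SAMPLE} 28
PID 2396 wrote to memory of 1620 2396 cmd.exe 30
PID 2396 wrote to memory of 2404 2396 cmd.exe 31
PID 2404 wrote to memory of 2564 2404 firefox.exe 32
PID 1620 wrote to memory of 2292 1620 chrome.exe 33
PID 2564 wrote to memory of 2696 2564 firefox.exe 34
PID 2564 wrote to memory of 3056 2564 firefox.exe 35
"""

# Command lines copied from the Processes section for the PIDs that matter.
CMDLINES = {
    2028: f'"{TEMP}\\{SAMPLE}"',
    2396: (f'"C:\\Windows\\sysnative\\cmd.exe" /c '
           f'"{TEMP}\\8334.tmp\\8335.tmp\\8336.bat {TEMP}\\{SAMPLE}"'),
    1620: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"',
    2404: r'"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"',
}

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")
TEMP_EXE_RE = re.compile(r'\\AppData\\Local\\Temp\\[^\\"]+\.exe', re.I)
CMD_C_RE = re.compile(r'\\cmd\.exe"?\s+/[ck]\s', re.I)
NESTED_BAT_RE = re.compile(
    r'[A-Za-z]:\\Users\\[^\\" ]+\\AppData\\Local\\Temp\\(?:[^\\" ]+\.tmp\\)+[^\\" ]+\.bat', re.I)


def parse_write_rows(text):
    """Return {child_pid: (parent_pid, parent_image)}, first row wins."""
    parents = {}
    for ppid, cpid, image in ROW_RE.findall(text):
        parents.setdefault(int(cpid), (int(ppid), image))
    return parents


def children_of(parents):
    """Invert the child->parent map into parent->{children}."""
    tree = defaultdict(set)
    for cpid, (ppid, _image) in parents.items():
        tree[ppid].add(cpid)
    return tree


def ancestry(parents, pid):
    """Root-first chain of PIDs ending at pid."""
    chain = [pid]
    while chain[-1] in parents:
        chain.append(parents[chain[-1]][0])
    return chain[::-1]


def dropped_batch_launch(parent_cmd, child_cmd):
    """Match a %TEMP% executable running cmd.exe /c on a batch file nested
    in *.tmp directories under %TEMP%. Returns the batch path or None."""
    if not TEMP_EXE_RE.search(parent_cmd) or not CMD_C_RE.search(child_cmd):
        return None
    m = NESTED_BAT_RE.search(child_cmd)
    return m.group(0) if m else None


def find_launch_chains(parents, cmdlines):
    """All (parent_pid, child_pid, batch_path) edges that match the pattern."""
    hits = []
    for cpid, (ppid, _image) in parents.items():
        if ppid in cmdlines and cpid in cmdlines:
            bat = dropped_batch_launch(cmdlines[ppid], cmdlines[cpid])
            if bat:
                hits.append((ppid, cpid, bat))
    return hits


def browsers_from_batch(parents, cmdlines, cmd_pid):
    """(pid, url) for every child of the cmd.exe that was given a URL."""
    urls = []
    for cpid in sorted(children_of(parents)[cmd_pid]):
        for url in re.findall(r'https?://\S+', cmdlines.get(cpid, "")):
            urls.append((cpid, url.strip('"')))
    return urls


if __name__ == "__main__":
    parents = parse_write_rows(WRITE_ROWS)
    for ppid, cpid, bat in find_launch_chains(parents, CMDLINES):
        print(f"dropped batch launched by PID {ppid} via cmd PID {cpid}: {bat}")
        for bpid, url in browsers_from_batch(parents, CMDLINES, cpid):
            print(f"  PID {bpid} opened {url}; ancestry {ancestry(parents, bpid)}")
```

The same three checks (parent image under %TEMP%, child is cmd.exe /c, argument is a .bat under nested *.tmp directories) apply unchanged to Sysmon event 1 or EDR process-creation records, where the parent/child relation comes from the event rather than from WriteProcessMemory rows; note that the check on the cmd.exe child deliberately ignores that the batch argument also contains the sample's .exe path, so the chrome.exe and firefox.exe children of cmd.exe are not flagged.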
Network
MITRE ATT&CK Enterprise v15
Downloads
(one entry per dropped or modified file; entries without a path are listed as the report shows them)

path: (not shown)
Filesize: 16B
MD5: aefd77f47fb84fae5ea194496b44c67a
SHA1: dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256: 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512: b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

path: (not shown)
Filesize: 264KB
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

path: (not shown)
Filesize: 2KB
MD5: 6645e818dcc76dcde672af7137dbcea3
SHA1: dc4826401c6dd715800c8024f3d3571d4c23eec8
SHA256: c7c372ca4cc0e6e19c4ca0f07ae7bfd39eb716e9f1bd1eb3eddfae1ccef994db
SHA512: 967d138f64b11a62a0febdccac6f683a5cbb58a7aa0d2e78e087b17177a0914811349ed32c1b82a62976338fb9f65e7c7c09c558b2a006274cbe7cabb8c6fc64

path: (not shown)
Filesize: 2KB
MD5: 59a5a36e5bb76e5bf65cceed29d82985
SHA1: 8af7750b142b1d64a797d555209d92922f7a41df
SHA256: 3be4772e202d7e9257b26f643ea1d6c8b3d710a37ea3e5293e46b2468fcdd0b5
SHA512: ef505b50b0fa8da18523b931f8b5ddaf7a57c57f1e973be95b2a4e53ea4024926e5cc91934e83117015239b92a66ecdb15628cab57ea982be06ae76c40326b05

path: (not shown)
Filesize: 2KB
MD5: d0060a2812763e7f4c0e84c7f02cdf35
SHA1: 4438cc4901f7c3178855c14131ff4cb395b55f64
SHA256: b223f3cee576c4367dd1940869b91d61233931b6fb29420b601fbf47aab7f57b
SHA512: 572628b3424b40f15807869e86c42ada7f01ce19cfbaa443b26566acbe114774a378286aedad70065307954889fcc0c5474a2a0b907a65fff2f3108aec139b08

path: (not shown)
Filesize: 6KB
MD5: 4dfc947631e045bb741614c88692fed6
SHA1: 6e8b1c930d598ca245f97950c843f6e3652bff5d
SHA256: 292119231e282b2bf4c83f97c9ff3fc8a39f3686cab230e9dc7288b7304ae740
SHA512: 2860b5a6a8d27088008cd265f07832fdffd573a92e28f6b8ef5247fc4fec2f053a31e2ef6e5291117b9396b56297c5ef4b404ec45f0a787e372e2926d9b6d522

path: (not shown)
Filesize: 6KB
MD5: 84a4a061e624edff180fb894fdf919a0
SHA1: 3f7e5a9289f4e61a91cb167d15c16eab47924d6f
SHA256: efe342dcc4caac0ec38f84c90168cf71ea979fd8091d68566390516059cb2708
SHA512: 5717a61490a26eff565d112cf8bee278e78e938bade9121f78edeaeff7de3461bd69dd843134316eab5cc85e95e6e5e052ee7d5133b2298bfc06006965abc105

path: (not shown)
Filesize: 16B
MD5: 18e723571b00fb1694a3bad6c78e4054
SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

path: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\df5c6346-3bc8-4aca-8782-6aae052e01d3.tmp
Filesize: 6KB
MD5: 1d5ce49f10c041ee6a3a7ecea283b7d6
SHA1: 252e3242b1fbd799e7e76af84b9d7960de726dbb
SHA256: d54e99286cda637e683244ed83dd5e43a5304288320fe3933fa7c8fb9d2be144
SHA512: de7d0f78f9e74210aa3ab4b091b2b9b9151c70fd65d503b2722998624b7dca221850edf25dee0cead49a6da7bb200e5ee6cab93ed3770d096b056c27993a7009

path: (not shown)
Filesize: 2KB
MD5: de9423d9c334ba3dba7dc874aa7dbc28
SHA1: bf38b137b8d780b3d6d62aee03c9d3f73770d638
SHA256: a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698
SHA512: 63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

path: (not shown)
Filesize: 442KB
MD5: 85430baed3398695717b0263807cf97c
SHA1: fffbee923cea216f50fce5d54219a188a5100f41
SHA256: a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512: 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

path: (not shown)
Filesize: 8.0MB
MD5: a01c5ecd6108350ae23d2cddf0e77c17
SHA1: c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256: 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512: b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

path: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize: 7KB
MD5: 09b3f13360b2ffa9e65ea1d56832cf60
SHA1: 8faefa52f3a129951ffd36f6cb062878c26675a0
SHA256: 169a6b7695232e882619b8945fd5b72f508ab2d23aa912f0154ec3b0435ecd5c
SHA512: d7b911edd59a4db0566b7ee0ade3728db62b73f26da36a8148b59e152988922f9eed311122c878123f26793a896fae8c42e71ee864fea5985216c49908f9a56e

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin
Filesize: 1KB
MD5: e3558ce1fe82cbbc05aa5b7344f2f2aa
SHA1: 55c834f99d0ccb441a966fe5fb2288f10082ae6c
SHA256: ad6b85e5d817ddd7edb5b954d81d65bd9765a85cc4359fe98964d5f8cadce16e
SHA512: 9d60525c3118e48eeb10caf812cf26bc7fe826e05cafc6db03d6a10f05f35e1e1ed01ed63f27fb0450ece5cd123564d38bcb2ba33a45ba47615b2ba265716e90

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin
Filesize: 2KB
MD5: de7e8a41d6ba9076114224363fccc7fb
SHA1: 0864c0c8bc7d28e168424b291e02285b6a6a33a4
SHA256: b70955d1ab32092527f2e611475abe117654529005042a46707739349e9b482d
SHA512: 2885f11ef73f6cd8127c8d25578f7983b8d5f820f2f88c4911039ab6e07ef577094a8577517efeeac3bb0f7b53d2233e392a678234ce900a24f91d1a35066812

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\03bda2f9-6496-4b68-949f-26bbe12bc361
Filesize: 745B
MD5: 38d48da6619467538f2bd7c0cd6b36a4
SHA1: 8fb596edb0ad5d72a76b0eb7c5ccdfc16b91c61c
SHA256: 8bd968954ae124337dbdf580e1fe98b9499c941a34e9c42b87094f8c0962da88
SHA512: 23028600c2e24f0a8d13e7ef6c587173018c86c720c02bd833c5d5bbd30efb17fcf2d6722acc798f9d6cee150a411b5067d1c3cca20b28b1837d1a125e1c4b68

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\0b515422-e268-41cb-990f-4964f1a2268d
Filesize: 12KB
MD5: 7537d25b335ba1020cde5bfa5cb0a586
SHA1: f9f0131dbe574a0334405eb18d0637887790a69c
SHA256: bb9dec3b49133d7eb076377d151ef822cfc979d3efb6b807940b2b5a0aa41622
SHA512: b022f14a36ad911c284f6baccfa6515b2ff96d4ad264d1a6c96835e46bcadfd15b19ed3bb9db75b2c4b509e52da36ca20f6715878d1f7823ccd2bed1346414b2

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize: 997KB
MD5: fe3355639648c417e8307c6d051e3e37
SHA1: f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256: 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512: 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize: 116B
MD5: 3d33cdc0b3d281e67dd52e14435dd04f
SHA1: 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256: f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512: a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize: 479B
MD5: 49ddb419d96dceb9069018535fb2e2fc
SHA1: 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256: 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512: 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize: 372B
MD5: 8be33af717bb1b67fbd61c3f4b807e9e
SHA1: 7cf17656d174d951957ff36810e874a134dd49e0
SHA256: e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512: 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize: 11.8MB
MD5: 33bf7b0439480effb9fb212efce87b13
SHA1: cee50f2745edc6dc291887b6075ca64d716f495a
SHA256: 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512: d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize: 1KB
MD5: 688bed3676d2104e7f17ae1cd2c59404
SHA1: 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256: 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512: 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize: 1KB
MD5: 937326fead5fd401f6cca9118bd9ade9
SHA1: 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256: 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512: b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

path: (not shown)
Filesize: 6KB
MD5: 710a5ce765aaa4ff791dcdb5e292e03c
SHA1: 07a2de8ade51809e5f24fd56539ac2be58b64d04
SHA256: 39cdab31b06e095a48edc5486780d7a10229b76adcea919dab763b58880b3182
SHA512: 1a6e2143c0b506ac355f7dc921f843683eebf68fdd9824efcbb685fd94251281779898f80a0ff7df389be4dd9c88b260dd2dab2cced21a703e7fc5e5ba463205

path: (not shown)
Filesize: 7KB
MD5: fe62e3b8af0be7215d330055062a4f4c
SHA1: 905ab27f3fa35c22922afaf7714ac5fe5ad18900
SHA256: 4e197b98d3680188858481fc16db96f80b51779ea134478692c88c24d51b5dc5
SHA512: 41f817722d5bf2713f530c938790d069f497705dc6a41af35cba60e487b34f432c7177cac195ea1937471e547513245f26defd30102ccb1cb2e179763b3a7342

path: (not shown)
Filesize: 7KB
MD5: 0fef96a3a071fd3196b177773462833b
SHA1: 5f4767e19925df4ba264ee8a5b5a444a8a02727f
SHA256: 4af22c1518209e7105a6839430cfd9016f7f9d91d30d56c8428b67594284d39d
SHA512: de9103f1049dd5aa2f9cb62e53e560917138ab9967cbcec8a52dd3f9f61f633d77524380f4d62672be866621fe3ad252f2fdd0306f36b9719d4170ae41b4d71b

path: (not shown)
Filesize: 6KB
MD5: bea7fdbea8897bab26e5a48e376477d3
SHA1: 2fdb2023bd0af2d59354693b9109638b591eee4d
SHA256: d0f2942eab83e2ab8ec90a03f03951f27080b93ee192ce94c843450d0825a110
SHA512: 781e3291a8b06bbe15b486870fdf9abdc08a95b4ee30d3eda8b3667cb5b64799d3522be5ec632f989c304d1972b10c6d6174c42909816831fc05dc4f0b47d832

path: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 4KB
MD5: e0cb4ed60baae07ef92a5d7886ee1164
SHA1: 5dadf58c82fa57d10ec9396f50078cf23b8c29d7
SHA256: c584c77b03c196907da1329876265656b397014c142e8cfc019362dff12e9d50
SHA512: f56ec12096c7f3560a7c131a500b017a1b60d720737c7a2fa6ffdea31575b2ace3ec004d85d322981470ec10a05fb24d28e53451c6e4716892e6f06744e9a442

All of the files with a path belong to the Chrome and Firefox profiles the batch caused to be opened (Gecko media plugins, Glean telemetry, session store, Chrome user data, a jump-list entry); the pathless entries are listed as the report shows them, and none of the dropped 8336.bat or its 8334.tmp\8335.tmp directory appears in this list.