3123af93014a5a5c49aa6fd2118f6805041af178c222be27e30b2fd477085c19

Resubmissions

11-12-2024 15:32

241211-sy44nssrdm 10

09-08-2024 21:57

06-08-2024 13:01

06-08-2024 12:52

06-08-2024 12:29

06-08-2024 12:26

Analysis

max time kernel
59s
max time network
66s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-08-2024 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1/4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
Size

1.2MB
MD5

dd831eb4a822421a497990d84a0fd578
SHA1

aa7ee9cd7fcdb6e0f15c57f6f99c83c320480f3b
SHA256

4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95
SHA512

5a894b58d5d6b3a6abedb687caa16c06344d87b6d8e5bfb39d5b9806a7b51f3003e3ae83871683d086a760ea987a42bff511d4cb4d723a9e52744ea8aaf9b73e
SSDEEP

24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aLY2Sbly7TWEPje:4TvC/MTQYxsWR7aLY2dW

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2720	firefox.exe
Token: SeDebugPrivilege	2720	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
2720	firefox.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2720	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 4988	3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	83
PID 3304 wrote to memory of 4988	3304	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	83
PID 4988 wrote to memory of 2720	4988	firefox.exe	86
PID 4988 wrote to memory of 2720	4988	firefox.exe	86
PID 4988 wrote to memory of 2720	4988	firefox.exe	86
PID 4988 wrote to memory of 2720	4988	firefox.exe	86
PID 4988 wrote to memory of 2720	4988	firefox.exe	86
PID 4988 wrote to memory of 2720	4988	firefox.exe	86
PID 4988 wrote to memory of 2720	4988	firefox.exe	86
PID 4988 wrote to memory of 2720	4988	firefox.exe	86
PID 4988 wrote to memory of 2720	4988	firefox.exe	86
PID 4988 wrote to memory of 2720	4988	firefox.exe	86
PID 4988 wrote to memory of 2720	4988	firefox.exe	86
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 4824	2720	firefox.exe	87
PID 2720 wrote to memory of 3188	2720	firefox.exe	88
PID 2720 wrote to memory of 3188	2720	firefox.exe	88
PID 2720 wrote to memory of 3188	2720	firefox.exe	88
PID 2720 wrote to memory of 3188	2720	firefox.exe	88
PID 2720 wrote to memory of 3188	2720	firefox.exe	88
PID 2720 wrote to memory of 3188	2720	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
"C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60eb44e5-383b-44cd-b580-78a6dcd6a810} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" gpu
      4⤵
      PID:4824
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c97ab4c-03f9-4caa-897b-094e70d1256c} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" socket
      4⤵
      PID:3188
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3024 -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 3116 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {452c2e83-2aaa-46df-b97e-5c9c8ea38c3b} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" tab
      4⤵
      PID:2808
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3648 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cb7ccd2-e0cc-4dff-b96b-fd626c95c685} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" tab
      4⤵
      PID:3404
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4724 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4712 -prefMapHandle 4628 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac984e54-259e-4296-b774-c10e703b8dba} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" utility
      4⤵
      Checks processor information in registry
      PID:3148
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 3 -isForBrowser -prefsHandle 5620 -prefMapHandle 5272 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97ea7c12-7b88-4f7a-84df-9a0f29a1c080} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" tab
      4⤵
      PID:908
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5840 -childID 4 -isForBrowser -prefsHandle 5888 -prefMapHandle 5884 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {313fe902-f144-458c-8a07-decf6c2e8694} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" tab
      4⤵
      PID:2588
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 6024 -prefMapHandle 6028 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03ce6812-46ee-4dc1-9711-3685da303606} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" tab
      4⤵
      PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
c2f08eb6df317ce4fac167413443453e

SHA1
fbe43cbe53d13cc2bec285bc066216819951838e

SHA256
0762dd2fe6053eba0b236a44c82f05a087bb40d24c31a8e94d915c2e6782c2e7

SHA512
b8f606739e08ebae458c4087a842142a2b5fd65679c92dadeaefbdf38372905d727f31a1679e8766a1ebe639bbb618dc9a8a5735f9d730696c96d5a5a259dc2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
a47f7b6901e1d5d9e91e337a27d458a2

SHA1
ae1fa946ae30c6a3e04c681a3eb786837fed0121

SHA256
f9e9092dfca0ad87d2f98d9650c74b1460f93de6f33d7aa7743df4f18291588b

SHA512
ebd5cf054638c38462de82b936451cdc00a4256a7ede82ba71b314b9b0bf8ddf1bcb36f0c7970b731c5925fa6cbbbf637cc6e3251b9af8ceab724a9c37360d45

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
6460b2bd1796b2bcce5b477f207960f4

SHA1
3eec552d4f73a55b5d2d9273e0c4aa49ab2f1052

SHA256
5c62f92bae0ae80c5cdfa56ac9402262d9600714906ad64f98cfe3dfc00b01e8

SHA512
ba6ac66b359dd08a0e79413ee6cfc602d0dd026c6a8d7e735f5447f92d134bcea4398f84d4429c11d024407d2fc567e1b78402033cf5894d34c89878fda79ff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\AlternateServices.bin

Filesize
10KB

MD5
6c310060c94ba9cf50c366999327f99d

SHA1
f26662d959966c247e26bcc2c306f622221d16a0

SHA256
1b796158dc5c1c26a17f7f69425fd0449dee4647885f8d34ee4e8da905824db7

SHA512
196ba1ee57fa43e5b1fab70c813e9325bf73c1fb86b0d3d1c033824e05518d5865f3e717e36ea72aaa59793a01e563b66dc843a39abc0caa4cfece48ed61699a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ad128f6ea14957ceefb8d43c6c573544

SHA1
8f76d6779538e90da2c8b5cc11914aa13e26cc59

SHA256
889855296d5428ecc80e3e5b2afc49eb1d56d6c8b465ce18f3d8f8f32fe19f2e

SHA512
c52289994383926e62232b1518524663bca5a8076c2aafe21a759ce71ec5253dafa356ae9121090b46b3c160d08325cf2e16a3166b242c9ae6f301779a54b830

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
d3335a695b56f8b1c027b6b476d2e15c

SHA1
ae1d9f00730aebc6df311c2ffe6bbbd98e6d41a0

SHA256
b801727d72c1d475c7f17eebccf947748c9a2dba2c698c41c41c8f78bf588dcb

SHA512
c29a7e0e49c85ffe478cb1273a1aaa8ebd922f62bbb95179f8682ddaf80d29682bb7aceb3803f94f897a70e51d0684594d7ba560aa911da8d202efe9e98540e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\8ebab8ec-7e27-481f-a9df-9523b7abdaab

Filesize
25KB

MD5
8f7367b462a582b14bc3e222962c346d

SHA1
4c84e2db32fea7732b13497b4bc40a3a15f07e37

SHA256
3408d40c1028613266bb5b16b0570523746de8c20ade20c60034b6ad81ba0540

SHA512
a2295f3c3e9753eea0bef0e02faefdca630887503129ccb10c80ec32686a8754a23949060ceba1f871cf9aeac702a743e9970cb5202190c3b7c3ec9482f012d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\baf876db-63f9-4566-88e9-931843f84142

Filesize
671B

MD5
2dde6fdebe191b9715624b26f2d69eff

SHA1
82c5aef7686cffe8c423dfad2dad16fa26dd422e

SHA256
696baf2a7a73058ab57a713cc28cd9b0d6f01e23aad7018d5c43b1beb8d49ba4

SHA512
99f40a81d7ef57bc723714973921f44f1ba4aaf26a4dd8b4546acdcb143bccc0a81e271d18ed65fe231917b578a3b9f87ed1a9992c9400ca335580b8180b18a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\e81ac7fe-7604-4df2-948a-816a203969ce

Filesize
982B

MD5
e00d4fbf5cc32fbe0e8060e921dfc3ce

SHA1
1f4f5fac69fb35d6f7d291cc22a26842942feea1

SHA256
c02ad4ef3b3c428ce088e6e162d60dabd7521e62a02be24ac93e8d34e2eecc2f

SHA512
3480cfb325d5995d292545c17411183b05bf5ae3beb3397c2126f3eb3d972015d471284899e5b616b448d3b9065cb6a411d4295103de940a16b7287c6176fd5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js

Filesize
13KB

MD5
e6c787d1b6974d0da74565c3543b6a5b

SHA1
76739d08cb273d89ae02069fd90579b815a8c8c3

SHA256
37bca7f05583c119f0134576591cd383b26a5851b75233cb1bebc23fa0aa351d

SHA512
5be6b7f1f9fc480903fa4f802b31c258ee0deff23555e883bad4c360ab43de77db8d1fcc1ab57ecdc154694003800b7e55c758172b1aecd323fd95453c4f0d44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js

Filesize
16KB

MD5
6cae344fa0c6fdc3f51fb5eb4ed477e3

SHA1
1b4a9ab283451dc5a29da6feda9285ec62a6bd1d

SHA256
efd388eca0c72ded9e0cacef4e9f885ddeeea181bce47e6cf77064b74e538121

SHA512
cbf022bc6d52fd792dc709ec275cc4378f60b4c7a16638d5b4da12f077f148549cd650eb3b831871272aa7ed2f3bcece0b0ddb82febd839bc7294235b4b0f840

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs.js

Filesize
11KB

MD5
028dba3c42b4bfd30ae612f977ec0636

SHA1
c085deffdb0245c17477da2e4540fb601484f145

SHA256
a86eef781d1c84b227929d356ebeb2286ceaada41800ddb2a6cecd46e1da4198

SHA512
5b7a563f955f14066972659f98cb0bf7e2ca66053e005b0498e3675684a37dd064d5936f5565bebb7ae300cdec8bd197ba0df2057feb4107c5c619a4e4975db2

Download Submit