Malware Analysis Report

2025-01-19 04:30

Sample ID 240808-dxpj9syfjn
Target https://s3.eu-north-1.amazonaws.com/operatorsstockolmgrant/51e5c9f490b441f1a4ff1handbook.htm
Tags: credential_access discovery stealer
Score: 10/10

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://s3.eu-north-1.amazonaws.com/operatorsstockolmgrant/51e5c9f490b441f1a4ff1handbook.htm was found to be: Known bad.

Malicious Activity Summary

credential_access discovery stealer

Credentials from Password Stores: Credentials from Web Browsers

Looks up external IP address via web service

Browser Information Discovery

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-08 03:23

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-08-08 03:23
Reported: 2024-08-08 03:26
Platform: win11-20240802-en
Max time kernel: 125s
Max time network: 148s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://s3.eu-north-1.amazonaws.com/operatorsstockolmgrant/51e5c9f490b441f1a4ff1handbook.htm"

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A (4 identical rows)

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (5 identical rows)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1600 wrote to memory of 3960 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (11 identical rows)
PID 3960 wrote to memory of 1320 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (45 identical rows)
PID 3960 wrote to memory of 4048 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (8 identical rows)

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://s3.eu-north-1.amazonaws.com/operatorsstockolmgrant/51e5c9f490b441f1a4ff1handbook.htm"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://s3.eu-north-1.amazonaws.com/operatorsstockolmgrant/51e5c9f490b441f1a4ff1handbook.htm

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e724104c-8678-4690-af4c-4f37ed30e5fd} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {298fecfe-4164-432d-8517-b0ca3227bde9} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1644 -childID 1 -isForBrowser -prefsHandle 1648 -prefMapHandle 2608 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7519937-9eee-434d-90fa-876c9df449c9} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3704 -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 2804 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45ac7f4b-c9b5-4a23-b2f4-5febe9909ebb} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4788 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4780 -prefMapHandle 4776 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae9412c5-1241-418f-b4f9-7fe4ed418329} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 3 -isForBrowser -prefsHandle 5520 -prefMapHandle 5456 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af2f473d-1c2a-45d7-bd78-f8f42e6a122f} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 4 -isForBrowser -prefsHandle 5740 -prefMapHandle 5736 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ad8914d-15c7-4333-a71e-b8fe4a26a536} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5892 -childID 5 -isForBrowser -prefsHandle 5556 -prefMapHandle 5544 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de4fb909-7394-4458-bdf5-930ef37e8ac2} 3960 "\\.\pipe\gecko-crash-server-pipe.3960" tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 s3.eu-north-1.amazonaws.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
N/A 127.0.0.1:49760 tcp
SE 16.12.11.1:443 s3.eu-north-1.amazonaws.com tcp
SE 16.12.11.1:443 s3.eu-north-1.amazonaws.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 104.26.12.205:443 api.ipify.org tcp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
N/A 127.0.0.1:49768 tcp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
NL 142.250.179.174:443 redirector.gvt1.com tcp
NL 142.250.179.174:443 redirector.gvt1.com udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com tcp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\f2bbbdd3-f6ec-4509-824f-d4db611e29b5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\870e2651-5daa-4157-99c9-80c6c0abcc1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp (three versions written)

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\activity-stream.discovery_stream.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js (two versions written)

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-08 03:23
Reported: 2024-08-08 03:24
Platform: win10v2004-20240802-en
Max time kernel: 34s
Max time network: 35s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://s3.eu-north-1.amazonaws.com/operatorsstockolmgrant/51e5c9f490b441f1a4ff1handbook.htm"

Signatures

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A (4 identical rows)

Browser Information Discovery

discovery

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (2 identical rows)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4360 wrote to memory of 3728 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (11 identical rows)
PID 3728 wrote to memory of 3528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (42 identical rows)
PID 3728 wrote to memory of 3528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 3528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 3528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://s3.eu-north-1.amazonaws.com/operatorsstockolmgrant/51e5c9f490b441f1a4ff1handbook.htm"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://s3.eu-north-1.amazonaws.com/operatorsstockolmgrant/51e5c9f490b441f1a4ff1handbook.htm

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72b6cd7f-7fae-4baf-a7ed-061bcdacdeb8} 3728 "\\.\pipe\gecko-crash-server-pipe.3728" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2448 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a20daea-c2cf-4578-b72e-1f2eea0bcc48} 3728 "\\.\pipe\gecko-crash-server-pipe.3728" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3140 -childID 1 -isForBrowser -prefsHandle 1504 -prefMapHandle 1452 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6db76dc3-fbae-432a-87fd-932117415dfc} 3728 "\\.\pipe\gecko-crash-server-pipe.3728" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3676 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad6b325d-39f2-4344-8caf-5cd3b25e4468} 3728 "\\.\pipe\gecko-crash-server-pipe.3728" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4620 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4632 -prefMapHandle 4628 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c9e7a6d-3709-4b1f-b20e-8cd9fb5c25c1} 3728 "\\.\pipe\gecko-crash-server-pipe.3728" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 3 -isForBrowser -prefsHandle 5364 -prefMapHandle 5360 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {056828ae-683b-4a09-9c5d-4a8ba19e7141} 3728 "\\.\pipe\gecko-crash-server-pipe.3728" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 4 -isForBrowser -prefsHandle 5616 -prefMapHandle 5612 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {500bd739-f7b8-4623-b036-eb1da9576ab4} 3728 "\\.\pipe\gecko-crash-server-pipe.3728" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 5 -isForBrowser -prefsHandle 5740 -prefMapHandle 5744 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89f8edfe-fa9f-4f53-9720-5265cf77acaa} 3728 "\\.\pipe\gecko-crash-server-pipe.3728" tab

Network

Country Destination Domain Proto
N/A 127.0.0.1:52554 N/A tcp
US 8.8.8.8:53 s3.eu-north-1.amazonaws.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
SE 16.12.11.41:443 s3.eu-north-1.amazonaws.com tcp
SE 16.12.11.41:443 s3.eu-north-1.amazonaws.com tcp
US 8.8.8.8:53 s3.eu-north-1.amazonaws.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 s3.eu-north-1.amazonaws.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 41.11.12.16.in-addr.arpa udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 bgmewynj33.lungrusity.tech udp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
US 8.8.8.8:53 bgmewynj33.lungrusity.tech udp
US 8.8.8.8:53 bgmewynj33.lungrusity.tech udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 247.213.127.93.in-addr.arpa udp
US 8.8.8.8:53 205.86.155.35.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
N/A 127.0.0.1:52561 N/A tcp
US 8.8.8.8:53 api.ipify.org udp
US 172.67.74.152:443 api.ipify.org tcp
US 8.8.8.8:53 api.ipify.org udp
US 8.8.8.8:53 api.ipify.org udp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 152.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 bgmewynj33.lungrusity.tech udp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
LT 93.127.213.247:443 bgmewynj33.lungrusity.tech tcp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 bgmewynj33.lungrusity.tech udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
NL 142.250.179.174:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
NL 142.250.179.174:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1---sn-aigzrnsr.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 38.175.125.74.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\activity-stream.discovery_stream.json.tmp

MD5 b47e859390ffa98a7f2e02243118431b
SHA1 2ab64f591fb4b5226c38dcc5c621cbd59446f0ea
SHA256 a3b899eba7bbe42b187f8ee4b1fe9d9ea4ced7ebe6c9b013ce61a153dee385fe
SHA512 2b3c72ae08f3a8dd56c8fc9828564317d42f392d516327b79083402fb37bace0bd8e57f0459273090ed605a002092c65c0c2c0ba2d223798eb543cefeb85dee6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\be49bc12-ea8a-48a7-9224-548a735bad46

MD5 69aa40e087708a86d2bbfec6f1958b1f
SHA1 437298800998a12204f2bf7233cbab2c6aa9a90b
SHA256 a5d074edeaf6ec7917cb36c942385aedaaa7d253b6cecd69c13877860071fc31
SHA512 cf6bc0a4bf54e7996b70b6685e011b8c3a6d01bf64f3a8fd180f2e0841fd0eb4cfe2b6d006571f326c0b0ad592e86c6b06c42017a36ccd82ed278135f4f4bfa8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\3175876f-bb21-46d7-8d20-bb05c81da180

MD5 12e2b1f11481368aa4839c2e0712a82e
SHA1 f74c4dd1aada2af6cdff8c697e862652d56218fc
SHA256 d7c4c657a4a2412c00c1a439bfa95e5b90423e71c5048f33e065ed4ba530f13a
SHA512 5f8e665d426130b41e56b77ee275e14a11c56306a0991ce80ee8b6957d7e65e02da042fe817898a1749893ac6be0064394a7a29715d0f9ad152c81312ad3b287

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

MD5 35c1de1802bbc39463e18202ef210e0b
SHA1 0ab6017f5466bb3afb60597139bcf1d082826b33
SHA256 f639a6cea16c5d972958060d69f121ee8f7c49e4f78a271c1585e45d6bc13bb6
SHA512 2924888dc783e049271fb24fe63454730e2805c55caab3b0db2bb4b6c754409f8469e11bdffac91b56ed0ea3060ae83d7ea16e11c4d87c450ba6f4d77d6de130

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

MD5 230330c1808cdc9799aa9f359d816859
SHA1 bd07fe57818f546a6d00a21868e674674aa327ad
SHA256 329626ce60309a330d7106499dd27a38a658f8946279feae8f765b88f851b7c6
SHA512 93fae8a8d8379e209bc2a5f6dc46032bfd312b40172a3ef7a8022d430fd0756a6d9e0ab6f4630d5df8cde1f226062bc63e7db6482b347d994a15de3bb4aeb978

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\activity-stream.discovery_stream.json

MD5 d6c09c4d55e93c6a2006cd2026d5f833
SHA1 48c348298c992c011ce9fdc2daa29a8925b79ebe
SHA256 c898c98bb4434a2a696a38e9e7e1d07c0390fa70c02088c4017d21efea5a7047
SHA512 41e3a3e276828633a0dbba77c2c1d82c687b220b272ab598c61ffa84e727f140cc5e42d57c79987380896f1acd0f4f1bc408f06617a451e7e13ba4592a8dc915

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

MD5 39dd9e9fcffa18ca155cfeef7634c5c7
SHA1 3c9995f6a2cb858fafe51f3c91372fcbc6a10210
SHA256 6b9c53aaa63ef5c78fe80c3f2b6892f3aee08f03609057f09b86e7290d737726
SHA512 ae5dec07292d93d273fc09d3b23b5c4fab744f840f39c89b8e328f30918f9420e6e51ff2d6620b62a8c97c08e70762e94c5bf725c341c44a0d36b357c7e5dc16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

MD5 4577543a5e09de882f1b83ab2e34245f
SHA1 fb6267a56706b882b580513f086cbfd13cf2c5ad
SHA256 6251e652c08cdb62af72effcf9331b734ce0d6986683767d017bcfca4327462e
SHA512 a3a9e35bd74fed2f89d22b3a52738a173e0cc8de121e841b3e257f95dcb0fc9d5be94f55f0c15e17819ccbcbb81085c1ddb8e723da4f6cb599642dc51dae2502

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

MD5 f3e7a9a3c349ad095c53b3eb87257f82
SHA1 ddfc5b6036578e2bd81acdbcc2d91a8b973eb418
SHA256 4d7dfac202718876fc0cdb44b507493d7a2f70089a119a1bd3020ea50d83111f
SHA512 702c2299124e4a064c259e7ca7af601bf25d53819daff4f0489b184f36603b4d3aeade781ae7efcfc0970da19795e33d344387a56cfb221323ff8d55089d47cd

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

MD5 6f1e5b84550163ee98bcee19632eb070
SHA1 08c5bcb3a1432c32380e15267a3a3c29adf8744c
SHA256 87b91a5f0f2d425a1a5d4b4dffcd6faf0d45f534ec7086c56f2f680ebaf0ecf1
SHA512 d8d8e915fa434b7b154ed4a56b900c35139d12c441dfd84d4540a16064d8b2e0f21fa8dc8d50dff08d4ea025f4dc3eddc8ebbe2f40e6553760ba3a04c253f81b

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a4d1d2d77301ef1a7605d9976c550cfc
SHA1 9971ef30f0a4bb9eddb505e5b8e7b33360ed4970
SHA256 6a734a72ed9b61034fd767eab1f0809a133322c87f8bc4c40b23e47b7c7e422c
SHA512 eef61e7e8c82d2eac300d1159774d0e31fa4462b2fe6eea6f959866280cb3018b273cac036f49b0530b8165d935f8c9a841f51afea0c7ff7dd184e542874489b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 fe79b0780e3a23fc66713a5517a235c8
SHA1 50666c406ffea94614b4eaadeaec06c54239759a
SHA256 54cd7cc2b12d471ad8dd4a222a64a6dce3795affc59d8930c2b0bbd2535e4295
SHA512 73035691347f331258c41d981b9823a155c36beb9bdd65a9f9bfb6eddf459c2c3ce5389ddf66d82ef6eb98cebda2947bb0d94dcba73e2def57f65ede2b1990a1