3e60a5bec400bc79fd063253580b9583b41e80f878a249dbc06e1aaf1d4bba87

Analysis

max time kernel
94s
max time network
202s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Delievery Moth.exe
Size

65.8MB
MD5

ef7f237bdb6acda6349e878bdc5b5813
SHA1

3078253d8e37ca476a0add65269561d897c5621e
SHA256

3e60a5bec400bc79fd063253580b9583b41e80f878a249dbc06e1aaf1d4bba87
SHA512

7e254d888967508df12ec86e0203c04c77479187409a27640cc3c9980651d82aec233c56c742e664db60b3b263bdddb47dee7c4da439c16c12b79c942329db4c
SSDEEP

393216:5qCKJWr646m8GH5y4SVFY+L/I5glN7tFL+fzqdqhuQjPLzX:5qCKJWr36PGZpSVFh/aglNpg7jP

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2096	chrome.exe
2096	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2384	Delievery Moth.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2540	2096	chrome.exe	32
PID 2096 wrote to memory of 2540	2096	chrome.exe	32
PID 2096 wrote to memory of 2540	2096	chrome.exe	32
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2920	2096	chrome.exe	34
PID 2096 wrote to memory of 2912	2096	chrome.exe	35
PID 2096 wrote to memory of 2912	2096	chrome.exe	35
PID 2096 wrote to memory of 2912	2096	chrome.exe	35
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36
PID 2096 wrote to memory of 2804	2096	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\Delievery Moth.exe
"C:\Users\Admin\AppData\Local\Temp\Delievery Moth.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6619758,0x7fef6619768,0x7fef6619778
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1376,i,1624910724010047059,15156425793405231150,131072 /prefetch:2
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1376,i,1624910724010047059,15156425793405231150,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1376,i,1624910724010047059,15156425793405231150,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1972 --field-trial-handle=1376,i,1624910724010047059,15156425793405231150,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1376,i,1624910724010047059,15156425793405231150,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1376,i,1624910724010047059,15156425793405231150,131072 /prefetch:2
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1488 --field-trial-handle=1376,i,1624910724010047059,15156425793405231150,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1376,i,1624910724010047059,15156425793405231150,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1876 --field-trial-handle=1376,i,1624910724010047059,15156425793405231150,131072 /prefetch:1
  2⤵
  PID:1952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1420

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3040
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:2840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.0.1628145845\1405739778" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64bff7aa-65e9-4c0f-8b0e-67ac26a0152e} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 1300 11ed6858 gpu
    3⤵
    PID:2988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.1.101279793\1065041175" -parentBuildID 20221007134813 -prefsHandle 1472 -prefMapHandle 1468 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2e026c0-fa09-446e-be6e-903f056dc211} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 1484 e72258 socket
    3⤵
    PID:2976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.2.1979081679\1847525860" -childID 1 -isForBrowser -prefsHandle 1816 -prefMapHandle 1860 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07f95200-8035-44e1-8188-be2cfc55056c} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 1932 19e7f258 tab
    3⤵
    PID:340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.3.1270250451\1489605224" -childID 2 -isForBrowser -prefsHandle 2428 -prefMapHandle 2444 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a7d7b6-e07f-40e3-b85f-91ea423dbee7} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 2440 1ab9b258 tab
    3⤵
    PID:2676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.4.1623954928\977667515" -childID 3 -isForBrowser -prefsHandle 2792 -prefMapHandle 2788 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70c6eff9-005e-4671-9fd2-f22403154ff8} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 2804 e60a58 tab
    3⤵
    PID:1500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.5.489434590\1262037476" -childID 4 -isForBrowser -prefsHandle 2864 -prefMapHandle 1080 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {026e3514-2d2b-4f2d-801f-b9edfdaafb7a} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 3892 1f52de58 tab
    3⤵
    PID:1552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.6.2055537491\1216031767" -childID 5 -isForBrowser -prefsHandle 4004 -prefMapHandle 4008 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {210a48bb-364d-41d6-aca4-1588891072b0} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 3996 1f7b7058 tab
    3⤵
    PID:1356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.7.603211059\756856409" -childID 6 -isForBrowser -prefsHandle 4060 -prefMapHandle 4072 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {187d3b5f-eb69-4740-af30-0ea40256699a} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 4052 1f7b6458 tab
    3⤵
    PID:2724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.8.812059786\92682140" -childID 7 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45acf7c2-5e16-4c7d-afd2-40595852142a} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 4060 222e0458 tab
    3⤵
    PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d5adf36893405f3ca1bfec19d327fb91

SHA1
c03b3698f652458df6062f057890094b3ce6c89a

SHA256
2eaa9eb7de7ba8f9e66f23c296b2348524dafa79c3ce6bf3c8ea4194118584f1

SHA512
2590b5dbe47e8cb3085f8f87d19a93d482a67f86c06d3f008e8f24d0c5fb1e22bd87fc5b8b9ee84de2dfa750457541cd34ececcd3214600674a15c5187ae70e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5def71a789b4ddafcc727f0a960960b4

SHA1
db0b2b84ca9a128f4a56de6973b25765a6c546fc

SHA256
15d9fa42f20591b46ee93ad4a6f767577c3d7eda4731329a76e20e820805e5b1

SHA512
101c4c7180b28b2c457e8eb166d2792905b47f97fd296644801806f27e9baac2bb865468a13aa63e9dc70168a165ce7f443df2e020db71e56da24ea0fa13ed4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
947678517193ceecbf5d5aa6ed627ae3

SHA1
3f1dc6cca59a424d976e4a91f50cc75179d77c68

SHA256
783d91a984a5955f37c1905a69ee2f03e0794d4631d404f792d2c6f5a7124dab

SHA512
678df8b6d25b6a1dc993b4bb0df8d7acdfae7665c10be202c4a5dde8690e8a3c0a9fe4d3a25b00c9956e33551aebd9cbd04cd6d863b3d9f2cec97b8fd97f7fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
b55a501f504447a4b7a122e6352957c3

SHA1
5f752d0cb3ae72bd46d14377888e133a3745d383

SHA256
4652b7269c83499f705e46aac17cb2af1a40f8329bd3b86abac8c2c1be702b73

SHA512
a803367ae8aaa7c9faf6ca3160beb5519fcd690cbfdb54ec59a03ca5d16058526ddc4ef1a49a965ed208fc529d91ee319b8e74b672349601709095cf1dc2979c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
35c1b4ad856eb4811e5e8627f95511bd

SHA1
dbecfa7481ee590819f4decde02de9d6a4b38370

SHA256
510e290e024d739a318d161211fe63d53bc8c1ef3df936858bd7d2a7276dc2ed

SHA512
f55ce4c28569dd2fd6a59ca0f26b5cf302a6d9ac143303c2241855ba378ecadc39af3c6fd6163dc4c8b27c5450dee22fe1645bdf3600ae26f6a351d156fb2875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7024243462bf086a71c601eaea115672

SHA1
051447258908ed58403fdd8a724973000d3ef083

SHA256
9623ca098b26e92f6a8f9551cb391b8617895dc5d0a61924ba6b97a7c88de931

SHA512
385431a3b57efdf4ace7207276b4e64a9704a96b1e903144e019c27ed70812245bb8a422860877708a83dca9febe3c2a3f40413675d376156f5cbfdef21c1012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
66a67b1a7a523999787d864a375a1992

SHA1
99545aea45fc54028be7b4af23a2aeae9bc97bc2

SHA256
99421a0cab1ce62ef8e5cebe70e37cb46fa69f045e5c51e601a2dc0291b14973

SHA512
3249ecfe84a61e1841d5a19dc4c9037e7fe601170430cc3bd3b9c849d219eccdc1c86e82e65cb71cadfaf7b0b79228c7522279f4f0964cfb1c20c0e07adfb3ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2986f94c1e2225bb7e0ea708eb1fd7c3

SHA1
6a0b4404ce759542a3ddbcfcab1e5b05d3fe9aca

SHA256
5707073a9552b74616b3c411316a7ad559c8f933e5cf743d86ca6e9b43ef91a7

SHA512
50b3316984a6504f08bec967d28ef82ec90b8bff75cca991ffa631dab9322e07aa00acd28444a64375b2484171fa61221e1ae8bfa314a809991404e39b58a97d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
316KB

MD5
0da754585b530627576cb3b89c5cd1d0

SHA1
ed39b5986691bae3a42e24de0b584072b58a2d91

SHA256
2073b01c82aef2b598816b2c0f30608a9be40f7c4a35332311fe5301a5e4a787

SHA512
faf02ac9c7b34c594e45014a12abafc34ede676c34cebb2aeb9efc14bd73594aa2656a550a44c9c74f626b301111fd7cf06c546c9a5032ee4b0ce0253f1abdb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b85fdb18-9a7e-4e6f-ad5c-ff09e0357584.tmp

Filesize
316KB

MD5
b150379a538a0e12d1137c4969f9133f

SHA1
93c66efc3ce36a89fb9e7974e6ca03d3d5785dde

SHA256
5c831d79773a8c0c05a48823c7d68a32895e232549d90e4fd6d43c70a8998f69

SHA512
458d811e02d3056234f59acdbd7aa39a1cbeefc97b18e568e129e31bf4e95e4135b007452a16763e1d6a00ba49492b54cb69cf67f1a14bc6340ba552d51837bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\activity-stream.discovery_stream.json.tmp

Filesize
35KB

MD5
c009d9a48f45c257e81824bdba119e1e

SHA1
4f141232e7c51a5f97c3c952d535e4ef4a58ec0b

SHA256
1dd4f65f74ad72b298b1e9b1458003555f7014712dda302611bbd0df7a53a21b

SHA512
051bf3d859ecb966de522c2438874c43b5d65db2ed69bebd46a7afd5620a762e73498979bf7be70d70718369a9ab0b54e1d2c8853007eeff8f39957506d59cca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
2dda7cba6a22a4876b0c274a10045f5d

SHA1
ebc33820b1f185ebb9f1135357185d69ff9ba2f2

SHA256
d5cde60ebb124cb0f093f2cd795493a7bbc96319018599651ee6ec425935b3fa

SHA512
fefbd242a8733c9b0ee63c9c2537a38b4dc91a3f395cdeaf99f93719851cd5ac9d78cbb5c894f305a3204a70eaa3e0a19e027a6ca950ad1453f16473bc58399c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\3543dc2e-c191-45ef-8450-6296c43fa032

Filesize
733B

MD5
c70276aba330ca27a1c6704c2da5ced4

SHA1
55c3009dea75913a46c99308b101d8313ea7affb

SHA256
0117cd201442bd1b54db56d7888f88435d8793cfbebed7d85c76d09f7d07597d

SHA512
3847e50c1555dabd9255084fe115b9f6c5dbd9e03c7e692b5ff42848b28087aab909999943301da91ac39cacd01f0c9baa3699fa2f878426df32d9cf694ab245

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js

Filesize
6KB

MD5
b1e79df73ecc81b65eae1c5cd2bfa9ca

SHA1
e4c461b4b3f7f47293414c8ee7adc644d8a9cd40

SHA256
229e5b587878aeaaf41f78f5a86148cad62decafaefdd18f9428e8d89f2b1760

SHA512
3f1f8c7539ec00d24b9fb084803711300e21630395b457f9771bfb887258e4e1dceb1c7967a9362ec2b1c9639e82bb8ec7c0ad3c7832101fd8e88f174faa839b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js

Filesize
6KB

MD5
f551c9005cedb405936dbeab6a37345a

SHA1
3d3d318394253884e8548022211a7257cafe5f4c

SHA256
7654ae0116ece40bdaeeb15174867a95dda89b6c75c945c97de75f5b2a361fbc

SHA512
78ac347645fdf5388f304f504386c80d6f2368a840e28ab08329cf0ed457ccf782b981a7f57ec299af08247b15f627d138dbfafd43df6e9df6abcda252254f59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
84c7de3b047beba68eceb6ff9112838a

SHA1
c1e04bf7573d41c5744b83ebeeaa4a98cea9659c

SHA256
8a0c603c207ffeac10ee29ead735bbe6dcf53bdb4da86e44f468638a1e93474b

SHA512
55cd01f04e4a28f44ba0b5dd77786342d8119aab8b1cc929a9e1e6f0a6560df88a01bc91ba935f398bd016a76b675f099e9eee25dbb19f44967dac2bffb14288

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1ac53ab863d2c369889b223530cba13d

SHA1
a8a3fe91aed28f7cd783fbda8144a67c540dcae2

SHA256
7da96d2cc611209b38da024572f284dfcbc07846f1c00a41a5061d1e5122e1e6

SHA512
18a958dd958d0ff4508add64ab5d84e36f040a707176bc2ffafa6c4fc539c535a9a74f2a90fa1995237bff95758c2322371960fb5c8ac22369ad5b2a9edded51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
6ea00f6dd382575041f76085178b59e2

SHA1
3612cc8e6a41215289e9ca8531ab4040d7008c9a

SHA256
19a773b2866eb435b715555cb48ad980f45b97bb98878e083982dcc7d21103b4

SHA512
57d91605446a1348b6e56483f8ff2bb4d9748a650bdb21f4482d8f2b0dd7823eb328dd2b883f9e916bb20a8b2487dced9b1efb87db773bb983ccac931d32becc

Download Submit
memory/2384-0-0x000000013F7D0000-0x0000000143B50000-memory.dmp

Filesize
67.5MB

Download
memory/2384-1-0x000000013F7D0000-0x0000000143B50000-memory.dmp

Filesize
67.5MB

Download