81926ac48c591cf972efba5d2fc312b1213ac0c6226660a6113c02f8bdc52802

Resubmissions

30/09/2024, 17:13

240930-vrhyzawfql 3

30/09/2024, 17:11

240930-vql91azgqd 3

Analysis

max time kernel
63s
max time network
65s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30/09/2024, 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

1KB
MD5

c9f41cda0bc860f443c4fdbe242da673
SHA1

52a923ac85bd5edbfff10155120971244075dab2
SHA256

81926ac48c591cf972efba5d2fc312b1213ac0c6226660a6113c02f8bdc52802
SHA512

acc2ddb80c3976fd171920cd27f002166daec1864343e15e8ca0778917b9d6ec00e2968f864ce8a3cc6a08501a773f70bad99e337d5bd31ab30ce3c26cbfc8a6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133721899265965163"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4820	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 2064	4960	chrome.exe	75
PID 4960 wrote to memory of 2064	4960	chrome.exe	75
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 4664	4960	chrome.exe	77
PID 4960 wrote to memory of 796	4960	chrome.exe	78
PID 4960 wrote to memory of 796	4960	chrome.exe	78
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79
PID 4960 wrote to memory of 5112	4960	chrome.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff843689758,0x7ff843689768,0x7ff843689778
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:2
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2808 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4920 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4768 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4652 --field-trial-handle=1844,i,11000302269618595674,2252132481493490280,131072 /prefetch:1
  2⤵
  PID:5712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4328
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.0.790369216\1470604678" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1808b14-202d-4320-b4b8-42b9171be839} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 1780 280ff1d5d58 gpu
    3⤵
    PID:2072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.1.192139319\2110834806" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2080 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f1687e9-e699-4052-9bd4-01ac956366da} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 2164 280ff0fbf58 socket
    3⤵
    PID:1804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.2.571716957\1380420991" -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2700 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b05560d-942d-4c73-8219-9bbcb4a9e849} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 2736 28085da0558 tab
    3⤵
    PID:2544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.3.667005236\65143076" -childID 2 -isForBrowser -prefsHandle 3248 -prefMapHandle 3216 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2cdb373-e1e0-436e-b2eb-7aa71d7d7e04} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 3080 28084459358 tab
    3⤵
    PID:2256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.4.1277261160\2105149966" -childID 3 -isForBrowser -prefsHandle 3992 -prefMapHandle 4004 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d36407f3-eebd-44a4-b221-8db1b27e9131} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 4296 28087cc3558 tab
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.5.1666013404\750194938" -childID 4 -isForBrowser -prefsHandle 4752 -prefMapHandle 4748 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a25e978-ef9d-410b-9494-0e147c35a74d} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 4760 28088045b58 tab
    3⤵
    PID:5284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.6.2111496598\961189539" -childID 5 -isForBrowser -prefsHandle 4696 -prefMapHandle 4644 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9f4010b-048a-4be4-8a52-2efa8aef98b5} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 4708 280882e6c58 tab
    3⤵
    PID:5292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.7.1398427062\837267834" -childID 6 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b08730b1-89e4-480b-9244-e86a43a05cd3} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5040 280882e7258 tab
    3⤵
    PID:5300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
43ffb807024514db786841568f802806

SHA1
509692ccec13471bac50bdfa8f0841be36b97db2

SHA256
654a436a5d1f58947335765abd25e6c0c330a2eca285ce60d44aa7181143e4df

SHA512
56e0ac2912c0f65bfd1387637e10f6c2e5d455073e2df3b03dfb8740973492a3f436e4460dcda6315d4d7a76e637a59cb2c9692ba6b6277124ca76535906fd49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6f67e1518603216176cc94bcd61d25a2

SHA1
0956567b5e0a8b7755cc865ebd7407d40d061ad2

SHA256
f3954be6dba12ccf54023de6cfa2947dd3d12559156b0b10aec7497ea2e05f0e

SHA512
7420bffba34550412e7d2f8ede557dcc709c91e1f4ae4a151d9aa3a791eddde7167ad88b0d839d11cadf51f46c2d037449bf396912af2ce1290d2f799a792fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b05c79718640eaa0e80a623cae384b71

SHA1
680e31c2f497c532aeb7d6e5adb5c7807874e4ec

SHA256
97be25e9a2bced070ce7d9af2140075c8500e988fd8994c4da2129ea3819766a

SHA512
ff491fa34faa4dacaf72bbd2ca603a7b44cf9b934e49fde479c7cc9341649a3e6ab6d2a7fe087b680ebdc30e3c3841ce70a579087d0ed15b2f127cb2812c862e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
796e9aa7e3cd621da965758b3f3efc1b

SHA1
addd20ed8055fcbad1623d0fd851bb0f69ab2fb2

SHA256
d8f0979fb090cc16cea6ba92caf707aae476936cc479df63116ad7fd805bd42e

SHA512
73e32a7b2c2c36bbdbe41bffcaf2d34a0fdc6cd33597049bb62dff9f1f97b39e3fc37dbc92609b03febd6040dc2decfad72104742251bec6f39dddcdc81a0c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1cccdc5a7fef56893d72c7f5d3811ae6

SHA1
2cbf345843c961647946488656c64955509d8a54

SHA256
85e34e51d8ef8d01792bda728688ccd1e3406524b5e19d1ad4d078557da2f506

SHA512
9a92490ba22748b087318ef1bf03a47ffb25d29c8dd3d55db4a16da1f36449d193a31855958980f903a6d62311796fde573c6067cc5b29f1bf29cfa8e9033bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8f0171360481784e02d7c61af0608448

SHA1
e365d97dfe406de81501efacdc27153f4a2a0efb

SHA256
4cac5549eabf4bd464f7acc4cb27a3b5a21256b4a50444be0684fa69c52c397f

SHA512
f4cc94a56de303ed586a8cb983fcaf472085168a1f7c0b33840e7c6fba363e52793ef3eb3bd41061445b60b56b73f699b10ce0313916eebc0f48d026aa655ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
0126ef2d51239379ca7daf56707a71a2

SHA1
dcc4da44b1a04072da71e2b036729f0b592a8a1d

SHA256
e72d65488a9034045a45c3b648c48987ed31965d3107b67c9137e91764d2cdf3

SHA512
bb6140a461c078fa2f9d9b73c42fdecbd4df3810e2430ffae0394ecd7befdae6733c951147979a78b7ec7e9e9480e35f9d0e9d912f67056e476954cd2f0d7d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
b7c41d83be1edbdce5a833561fe776ff

SHA1
cab8f34dbe2c38bc5cfdb1ccd8fcd4e28cded3e1

SHA256
a5d473ee00dec6fedede595871d4fa10b244db72516c62f5e6b1843071657fe1

SHA512
144320acdba30f891035f76f509caf8f5e2ed15dbec406573987daa1d32a664ffccd73537b97d9cbaed5a71ee4433f73d73a36f1224206d55e2ba5b899b1bbea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
77185a1ed59e13c6fc17ef57b1ec854d

SHA1
e725dc051f9abd32809cd256cce04e06b17fb14a

SHA256
41bda9210994503a1814e4ea5f7d25467db8b1686d50644e59ad0407d21c8768

SHA512
5822f730c0ecb3a4ee163e4b11f72f84266172a945d987411ce529e31cde0e334c684bc061fdf04a246a36fc251113ba43410c6aedaafdf5520c5e1d7337fd6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\140fcdd1-fe5e-456f-927d-6ae629238c7a

Filesize
746B

MD5
cb16472710c049d1eb856a9b366e775d

SHA1
859372885cff0a4d912971502df55b5aef63c742

SHA256
8a15fd8afc3094885275c25220262f1c06132a0b4d9293f621a63c40a91e395b

SHA512
7558b3b94cc93213d92e75116132f9a4340bbb8771f53ae70f2eb651c9d133ed755a3dd9ab1cd831262a7a5e4c00e231a9a6761553375331c6ff21a8ce26a25a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\ade3511b-176f-46b1-beba-0c05273ae51f

Filesize
10KB

MD5
9a8b15251291f1ccceb18ef725211f20

SHA1
985642d1063fdb039c3e98ff9d0e705f89b0416e

SHA256
2d5e1f2e7aa0be6c46e6dbf7b2665c49cb4e4fd45de2ee47286f2c0bd5c787f6

SHA512
1db76015b771d365f7dc009020bfbb0a5b808f1b7a79c92cd0da1cbc8c70134c2dd4e4daae632554ddfe36c00510919019b8b518a136f616743d9aa8d16996b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
fb68ab576cd1a44261489f3bfb907ff2

SHA1
45c15b5bfd72e202a5fa7b0367c0a08e5f3be70d

SHA256
ca9f4fa45607de117e9e6a2517a4d08e14c95b923e6ab66ffa04c1473674bfef

SHA512
c424862da5592ce39ee1e6ea9a2a56e5e5b614f766456da402d7179663f0e9d0f274feede10a5388679f6749fbff808ae2d101c7d6b879f09dc70ffb19e44e2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
8ed3c5d8095699d371dd7c37d18a394f

SHA1
1a99e079e64404a1c6a5f3889122f954a68a3f0f

SHA256
dc6ab489faa74316527fa714dba8e9b32e78678b45a7a6d3e1f8dc86d727d3dd

SHA512
cf3e57965be920c9aedaf4464ce66eaf5b2fbe080432db10f8315df6f6127d40154c4ec2d7fa04959ec5b3dfe9f6e2518864e6310c4853e07e6c28d8fedfbbc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

Filesize
6KB

MD5
73a2c8faf643e09878f3ceb733e8c185

SHA1
3ef220f2683e72cf34017781cdcaf57389f7640b

SHA256
0e2039b0aebe68e1650b53a36d87bc94dc5cd72121756e0ece98783076f65ab2

SHA512
9b9eaf59a1e30a53faa20d3178216b7f53f8c42a8ced0cde18d75050bac25ff52dbb492331d04ff56e35aa6679522139cf573f047eec09c83e7e58fc098546a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a64978b80f871cc7f9d980744288626e

SHA1
56f22648bd8283cc6f5b83d70d9d239744a98165

SHA256
6aa6d34ea7d9d442ae7985fdda86e511a73a72c693ab613a4cf0cb6157fa3dd5

SHA512
16251c09de0f0f22b673715fc92886dce2ec73ee03b63252c600ffc3de5434a44aa0d3af157dbfcdb23686c1909e67844a188e6c9450bcd4e62f029ba2d6ce8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
731c0e733fe1e3123d366af7c8e578ae

SHA1
9756304ea773dd9cd96e5996dc79de2ed6a9ae9c

SHA256
8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359

SHA512
d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427

Download Submit