Analysis

max time kernel: 107s
max time network: 112s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-07-2023 15:47
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://contacts.diarys.best/[email protected]
Resource: win10v2004-20230703-en

General

Target: https://contacts.diarys.best/[email protected]

Malware Config

Signatures
Checks processor information in registry (2 TTPs, 5 IoCs)
Processor information is often read in order to detect sandboxing environments. In this task the only process that reads these keys is firefox.exe (PID 2392), one of the two browsers the sandbox launched to open the URL; the process tree contains no process spawned by the page itself, so these reads are browser start-up behaviour rather than evidence of evasion by the sample.
description / ioc / Process:
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (firefox.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature (firefox.exe)
Enumerates system info in registry (2 TTPs, 3 IoCs)
description / ioc / Process:
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Modifies registry class (1 IoC)
description / ioc / Process:
- Key created: \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings (firefox.exe)
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid / Process:
- 5020 msedge.exe (2 rows)
- 384 msedge.exe (2 rows)
- 4036 identity_helper.exe (2 rows)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
pid / Process:
- 384 msedge.exe (10 rows)
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description / pid / Process:
- Token: SeDebugPrivilege, 2392 firefox.exe (2 rows)
Suspicious use of FindShellTrayWindow (29 IoCs)
pid / Process:
- 384 msedge.exe (25 rows)
- 2392 firefox.exe (4 rows)
Suspicious use of SendNotifyMessage (27 IoCs)
pid / Process:
- 384 msedge.exe (24 rows)
- 2392 firefox.exe (3 rows)
Suspicious use of SetWindowsHookEx (1 IoC)
pid / Process:
- 2392 firefox.exe
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 writes originate from the Edge browser process (PID 384) and target its own child processes listed in the process tree: the crashpad handler (2484), the GPU process (4724), the network service (5020) and the storage service (5028). No write crosses into a process that is not an msedge.exe child of 384.
description / pid / Process / procid_target:
- PID 384 wrote to memory of 2484, 384 msedge.exe, procid_target 83 (2 rows)
- PID 384 wrote to memory of 4724, 384 msedge.exe, procid_target 85 (40 rows)
- PID 384 wrote to memory of 5020, 384 msedge.exe, procid_target 84 (2 rows)
- PID 384 wrote to memory of 5028, 384 msedge.exe, procid_target 86 (20 rows)
Uses Task Scheduler COM API (1 TTP, no IoCs listed)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
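An added example, not part of the Triage report: a short Python re-check of two of the signature tables above. It transcribes the registry rows from the two fingerprinting signatures and the 64 WriteProcessMemory rows, together with the PIDs and roles from the Processes section (parent links are inferred from the tree depth shown there), and answers the two questions a reviewer asks of a URL sample like this one: does any process other than the two launched browsers read the CPU/BIOS keys, and does the Edge browser process write only into its own child processes? The key prefixes, the browser image set and the per-target row counts are the assumptions made here.

```python
"""Re-check of the registry and WriteProcessMemory signature rows.

Added example, not code from the Triage report. Rows, PIDs and paths are
transcribed from the report above; parent/child links are inferred from the
tree depth shown in its Processes section.
"""
from collections import Counter, defaultdict

CPU = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0"
BIOS = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"

# (action, key, process) rows from the two registry signatures (transcribed).
REGISTRY_ROWS = [
    ("Key value queried", CPU + r"\Update Revision", "firefox.exe"),
    ("Key value queried", CPU + r"\~Mhz", "firefox.exe"),
    ("Key value queried", CPU + r"\VendorIdentifier", "firefox.exe"),
    ("Key opened", CPU, "firefox.exe"),
    ("Key value queried", CPU + r"\Update Signature", "firefox.exe"),
    ("Key opened", BIOS, "msedge.exe"),
    ("Key value queried", BIOS + r"\SystemManufacturer", "msedge.exe"),
    ("Key value queried", BIOS + r"\SystemProductName", "msedge.exe"),
]

# Assumption: these key prefixes are what sandbox-fingerprinting checks read.
FINGERPRINT_PREFIXES = (CPU, BIOS)

# Assumption: images that belong to the two browsers the sandbox launched.
BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe", "firefox.exe"}

# (writer_pid, target_pid) rows. The report lists 64 rows, all by PID 384:
# 2 to 2484, 40 to 4724, 2 to 5020, 20 to 5028 (counts taken from the report).
WPM_ROWS = (
    [(384, 2484)] * 2 + [(384, 4724)] * 40 + [(384, 5020)] * 2 + [(384, 5028)] * 20
)

# pid -> (parent_pid, image, role). Roles come from the --type /
# --utility-sub-type flags on each command line; parents from tree depth.
PROCESS_TREE = {
    384:  (None, "msedge.exe", "browser"),
    2484: (384, "msedge.exe", "crashpad-handler"),
    5020: (384, "msedge.exe", "utility/network.mojom.NetworkService"),
    4724: (384, "msedge.exe", "gpu-process"),
    5028: (384, "msedge.exe", "utility/storage.mojom.StorageService"),
    2120: (None, "firefox.exe", "launcher"),
    2392: (2120, "firefox.exe", "browser"),
}


def fingerprint_reads(rows=REGISTRY_ROWS):
    """Group accesses to fingerprinting keys by process: {image: sorted keys}."""
    hits = defaultdict(set)
    for _action, key, image in rows:
        if key.startswith(FINGERPRINT_PREFIXES):
            hits[image].add(key)
    return {image: sorted(keys) for image, keys in hits.items()}


def reads_from_unexpected_processes(rows=REGISTRY_ROWS):
    """Images that read fingerprinting keys but are not one of the browsers."""
    return sorted(set(fingerprint_reads(rows)) - BROWSER_IMAGES)


def classify_wpm(rows=WPM_ROWS, tree=PROCESS_TREE):
    """Map each (writer, target) pair to (row count, verdict)."""
    out = {}
    for (writer, target), n in Counter(rows).items():
        if target not in tree:
            verdict = "target not in process tree"
        elif tree[target][0] == writer and tree[target][1] == tree[writer][1]:
            verdict = "child of writer, same image (%s)" % tree[target][2]
        else:
            verdict = "NOT a child of writer: possible injection"
        out[(writer, target)] = (n, verdict)
    return out


def foreign_writes(rows=WPM_ROWS, tree=PROCESS_TREE):
    """Targets that are not children of the writer; empty means in-family writes only."""
    return sorted(
        t for (_w, t), (_n, v) in classify_wpm(rows, tree).items() if v.startswith("NOT")
    )


if __name__ == "__main__":
    for image, keys in fingerprint_reads().items():
        print("%s read %d fingerprinting keys" % (image, len(keys)))
    print("non-browser readers:", reads_from_unexpected_processes() or "none")
    for (w, t), (n, v) in classify_wpm().items():
        print("PID %d -> %d: %d writes, %s" % (w, t, n, v))
    print("writes outside the writer's own children:", foreign_writes() or "none")
```

Run stand-alone it reports that only firefox.exe and msedge.exe touched the fingerprinting keys and that every WriteProcessMemory target is an msedge.exe child of PID 384; a non-empty result from either `reads_from_unexpected_processes()` or `foreign_writes()` on a different report is the point at which the same signatures would deserve a closer look.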
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1, PID 384)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://contacts.diarys.best/[email protected]
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 2484)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0e2846f8,0x7ffd0e284708,0x7ffd0e284718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5020)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4724)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3732)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3148)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4344)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1680)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (depth 2, PID 1772)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (depth 2, PID 4036)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3888)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4824)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3340)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 2808)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 2956)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1928)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4668)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,10550647994696851934,4451923842539083980,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3468 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 4260)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 2904)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe (depth 1, PID 2120)
  "C:\Program Files\Mozilla Firefox\firefox.exe"

  C:\Program Files\Mozilla Firefox\firefox.exe (depth 2, PID 2392)
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx

    C:\Program Files\Mozilla Firefox\firefox.exe (depth 3, PID 856)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.0.1785080693\1608379701" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5098293b-1097-48b0-ba10-91eb990873e0} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 1980 24b594e4058 gpu

    C:\Program Files\Mozilla Firefox\firefox.exe (depth 3, PID 984)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.1.682000512\74670373" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2348 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa6de0b4-2410-467a-b932-e3395773731e} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 2380 24b4cc72558 socket

    C:\Program Files\Mozilla Firefox\firefox.exe (depth 3, PID 5480)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.2.1615338847\1116498391" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 2996 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42bc6374-8b7b-4301-9e4b-7cf3d676d36a} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 3008 24b5d715c58 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (depth 3, PID 5588)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.3.378428403\826101723" -childID 2 -isForBrowser -prefsHandle 3596 -prefMapHandle 3592 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d97ad80-0fd6-46f9-a4ac-b0e807eda71c} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 3604 24b4cc67b58 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (depth 3, PID 5772)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.4.482621425\1070874546" -childID 3 -isForBrowser -prefsHandle 4584 -prefMapHandle 4564 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be490ece-1053-44e6-8bc9-50e49a7cdb26} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 4596 24b5f42e558 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (depth 3, PID 5184)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.7.1538794968\1306639853" -childID 6 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edb6e651-8074-441b-8ee4-6d17d339f50e} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 5344 24b5f894558 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (depth 3, PID 5176)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.6.1378366339\173144997" -childID 5 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc3302a1-da3c-480b-9235-b9d8111a1a93} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 5152 24b5f891b58 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (depth 3, PID 5168)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.5.1083356604\1333123600" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5052 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40c467f3-ffc8-4a18-9c73-b583a696023a} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 5068 24b5f893358 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (depth 3, PID 5012)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.8.261699267\1270135560" -childID 7 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db39fbe6-16d4-41d2-9eb2-ca85fdaa7817} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 5228 24b594e4658 tab
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: a7ad9bb1054aa03e39b3554833d0c3ec
  SHA1: cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9
  SHA256: 0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189
  SHA512: d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: 07877ba57b12b1e366280573e041de87
  SHA1: 6be185831160be1a2780955a89ec8e84c8643e41
  SHA256: 6853605b50e16b454b258ae2a1100d9cbaf3e3805cb5cae34cff8402e19ac182
  SHA512: 989f50b4d3ff27617567a78828de3aa2d83e7f2f5a08ddbaaa43e1126abe0a6e00c1c5f20f302fd2942f5827a5e5607b479416c5ea27309925289beb083cd76f

- Filesize: 627B
  MD5: c3c7779ff1131286aa9ea6baa43a45fe
  SHA1: 012ca2b8683160382a246babf508b4497fa418eb
  SHA256: 8bcc8a335b8e66e2bb85731206185435a6e59f65ecf2ca2e7ec5c57b7b6e0da5
  SHA512: fe411ae1a85aff2359d11bcaea21116d61543b08b214834e70443ccae8c90d4eb97e2a18d328b7dc795923536bf951f89a195eb64882161b47005ab86ad46d0a

- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- Filesize: 5KB
  MD5: fec0264584f954d171738aae90400c75
  SHA1: 976f574ada157de8a15b548390c9b089445e967a
  SHA256: 53de08b24f035ed512af823dafe18ab36d9710c7e6b85ce4ebd8fdf099b9927f
  SHA512: 68166f22dddcc6f22d0c4278986a14e660de5397273ddc40ca91c56725800ed35baf053458b2b2d5b6c30ce26bebfd300d04eaca47b55f7a04856747e61e6cd9

- Filesize: 5KB
  MD5: 44d63f9ec0c5aff3c525ce902544eb3e
  SHA1: 729a3373ecae3a7305b61b0fc02307c78bf04c32
  SHA256: 5c15dceb94640771b1c8f9ef14322015eb55cf8f16e6a6b59b7508bf50469454
  SHA512: fab9ce28d46544442c49bdd2c4ad2ceb78294e7a68bdf82c07d5f4acf3d80806326b12e8a2efabd324f813645454e1ede8e2b92dae334ad1f9ad1dd7140f572b

- Filesize: 5KB
  MD5: 13857bd4cc2344eacea7590c32970c5c
  SHA1: a7631c1bd733b547bbe2f70a7719f732a5d3edec
  SHA256: 2bfd530edc862cae3e04d962590b4fd2e2dacd2555dddb6cb935138690a1eaed
  SHA512: 4fb44b9fd48914b7b9135b48741c03f6a0777b35af2d5aa67d45002f817897138148cbe0d9cb950da32d46a1b21eafbb20c0442ea0939de3818d19b786c88f56

- Filesize: 5KB
  MD5: dadf1b9d67ac2a469e0fd7e08aeb5ce1
  SHA1: e9eeb95900c668e7b79306c780b66c39f7d6d8a6
  SHA256: cba8fd7c7eae25802eb28fe2a8f942e8f7899d0f28b73295d52ed114e13cc722
  SHA512: b64675a0bb4cf9a97bba3561fc3be55f2fc972c235eb2936ed7c9228417b05585e8ac29d2e0ed0cc12fcf476b83d1b1c493c8d0f3d2ab8ab89abc7d1521b26e7

- Filesize: 6KB
  MD5: b97ccbde741743388353feb88f1fc37e
  SHA1: 902d0571c7b83a2af1d32174e73f733a93e964c6
  SHA256: d686e443f03cde739809b1e38ee4be465c8210f7c29cd883b9536d8313003882
  SHA512: 9d36173abdb692e618970b0ad55510ee01e291000d2d256595a954690bc91df4c69cd68d03c14aaf3904f6dc59a71cb7b34faa2f09c3818bde1756e5b3e6671e

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 4KB
  MD5: 839e586f6de9b5444ebecdc837446be1
  SHA1: 8751787555b76e5aff54d76a54f7940e2566f696
  SHA256: 1051ee9a321158e59c6072a13376cc9277f157683e5e632e24bb2ff778fda8a0
  SHA512: 813160b7fa1338b5d5c40469b72d072c0bebc6192fa5ef02b232ca0876ddeb81be59c09c19ec4752e9d4af1d25853d937a5add32c0c94fbf4412c1e27a0a84d3

- Filesize: 4KB
  MD5: 19f2f148da71b3efd904c7c6afaecc5b
  SHA1: 3de0961861427483714fcb3ab587f2ca41f4b842
  SHA256: e56a1f5197de71917faded6e704321b5bc92accbdd4e553e77ff488e70874c9a
  SHA512: 27e95f6bf3a99e54c6643aae1e10ce5a081ab28ea593bbbe635b8a6bbcfca03363b29501522585e1a2f3d2861468d526a2da24c4d8b72333b4a612ae13d01cc9

- Filesize: 4KB
  MD5: 3d937f42b8e2990dda9332901854a87c
  SHA1: 58505b0adb8549d71c741bc902c1dec3632ab675
  SHA256: 59f1ab1ac43936970e36c016f65bfe42b987e799ef06336801e8d536a9e46425
  SHA512: 057bad063de5db1b53c540b930829fea5183170c794d29962a838f1e73d7c3cfd44baffdd6011ac85c38fc31c07123f5542ed83ca0b859319244424f7697e517

- Filesize: 5KB
  MD5: c80ba57f915a86861a4aff3ba816fd4e
  SHA1: b7f191b02aefb913bca542fbe24dc2944f97d385
  SHA256: 0f3d2e46bd937e47e3b5ebe9653e89a001eead125a7f76f18f4a98028f7854f1
  SHA512: 29dad6f3c9a8c55568ef07257c57b3ff55104e25548986f0bcc85ec50d1a93856904bb213fd3d25f4119a61e3e5eb95dd03d0d26dbc3875f3beedc9ed37b585b

- C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\activity-stream.discovery_stream.json.tmp
  Filesize: 149KB
  MD5: 3d10653fc4147d31e17a3b61606a14c0
  SHA1: 72eebc9f648e104f5f632566d4e058904d677a29
  SHA256: 6399ae802f476c1908e7611e9d83af340ffa153fabe7482a4f49d9d0329eb7e4
  SHA512: a379ac85f1b86b63c842284e509260fe32d88a0d78f3f1f16a1a7046c24e4be6f65273e21bf912b4d67253c5d62d0eb45147e0e3f81c7ebcc9f4d160159c481c

- C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\cache2\entries\ED9826654AE8BD972BDE17A9E0A449D3F881E430
  Filesize: 14KB
  MD5: 955c38e1925ef08c4e032087990d1d3b
  SHA1: 5558a9f491421c9451275cee0ec3e8a7ade75af0
  SHA256: 6160d5c8dac073cd7ae8cb3398179029c4e9f9057e4422085b442ddc59447f3c
  SHA512: ca1e06ecaf59af9c9064a857342b551670d94905336122fd65b775a1b0f26ced569dc228c7e04df48b1bc2f7d1a21854afe9acacee9dd6eac294b4dc454c5335

- Filesize: 7KB
  MD5: 87d61b1ba5b57c20d1167ed45494863d
  SHA1: dd62fc92d3bf032e0399aa78a675662501e6035f
  SHA256: c937e75953b25d8a9319026fbf05dede0576059f49684124ff21f5096a0c043a
  SHA512: 823ad50634324f7abd5782e4d1b582884a02c6183824da878501c546083bf463b9a4121cc6b2667b8d30c686a5bd398ac5ad94d8eebae73cc17a9cb54b70f3fa

- Filesize: 7KB
  MD5: 8d509693ae3e830f07f62ff831116833
  SHA1: 8047325afa84685d8cd307edd85d579f011949f7
  SHA256: 843c8bc6ea9569c088e08630ab1108fc12cd677aed16edf33119d5f7e4333712
  SHA512: aa5318fd90052a05765b148165b2bc6948bbef63f1f33ce7bf7691af9d8ab718bcc5d88d094d5eefbe3dd68fb03b68b94ce927af66d3229e8a349eb154731b7c

- Filesize: 6KB
  MD5: 19ceb761329b83cff4350b8a0991118f
  SHA1: 39e36331bbfaf15cd857b735f927db9120d75f4c
  SHA256: 26de2bc3ebfb92b373d218ef1a210a153528bc0ea686cf8f84fc7f69f26cdbef
  SHA512: d13790b48ecf5afaae204ba64e557b037764618c8e8826eb1b004e8c82e0c662f46ee60e00b1d684103d95cf3d8380b2a556bbad4d38b0c566fd4f54ccd890f4

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 1KB
  MD5: eb67408d7338806229ae82ecf90e02f9
  SHA1: b20a81131b8f7d224e9496904306b146048a3cf7
  SHA256: 27d1b3f77ea1c79cd504afb7ca4728f165743a19497175445c76bab96259c4c9
  SHA512: 6e17c51a694a34d9dd13e45820da6089cb866993b4cf3469144b96d5335bbcaa812817b4772ba49a1009c116fa0e5e945fdcba2f6f3875e990b824036e7d9bf8

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4 (later version of the same file)
  Filesize: 1KB
  MD5: 3c53578b1ce59f4e2af0d4085a1b417c
  SHA1: 458924f50ebdb65030effaf507261eccb7db5ba7
  SHA256: 191358a342efa5f94649980d531d8949167b6783cd0ab897e6cdf4faa871fd61
  SHA512: be5adde2db1f99dd9eebd960a609233c88ef217d03bcc067f3bba94bb814489f2d1d2e3375029e7bd5ebe86d6c9ca61a7871a968e4e76564dbea61f56649d38b