Analysis
max time kernel: 127s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/08/2023, 11:33
Static task: static1
Behavioral task: behavioral1
  Sample: Beyond Launcher.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: Beyond Launcher.exe
  Resource: win10v2004-20230703-en
General
Target: Beyond Launcher.exe
Size: 23.1MB
MD5: 474a97f73bd209f58f32e28fa2ee7175
SHA1: dbc7c67af7aec4f5474da33a9f2687d38c771357
SHA256: 35288aeeeb27a30c343271ad58813a5a066ce7b63868561e4118a1a275b5fe03
SHA512: e439c49a687d6a4e3ed5dcd77fded2f450bc4b878d3b61103f0572a0b663549109e1e3af6cb4bb3f790d1d1fec50c3dbee1c3363d1e4a9c8c59a53130b3b3b4b
SSDEEP: 393216:P850RfZDmuXSXoPirJxMQTERfpFCBv5ZrQogE17sGnnhUuoIAOQ:P84f1dS4PEJFTERfvynxgE1YGKuotp
Malware Config
Signatures

Downloads MZ/PE file

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry (2 TTPs, 8 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Modifies registry class (1 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings | firefox.exe

NTFS ADS (1 IoCs)
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 693811.crdownload:SmartScreen | msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
3620 | msedge.exe
3620 | msedge.exe
4964 | msedge.exe
4964 | msedge.exe
4744 | identity_helper.exe
4744 | identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
pid | Process
4964 | msedge.exe (10 identical rows)

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 4628 | firefox.exe
Token: SeDebugPrivilege | 4628 | firefox.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
pid | Process
4964 | msedge.exe (56 identical rows)
4628 | firefox.exe (3 identical rows)
4964 | msedge.exe
4628 | firefox.exe
4964 | msedge.exe (3 identical rows)

Suspicious use of SendNotifyMessage (35 IoCs)
pid | Process
4964 | msedge.exe (24 identical rows)
4628 | firefox.exe (3 identical rows)
4964 | msedge.exe (8 identical rows)

Suspicious use of SetWindowsHookEx (1 IoCs)
pid | Process
4628 | firefox.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4224 wrote to memory of 4964 | 4224 | Beyond Launcher.exe | 88 (2 identical rows)
PID 4964 wrote to memory of 1460 | 4964 | msedge.exe | 89 (2 identical rows)
PID 4964 wrote to memory of 2060 | 4964 | msedge.exe | 91 (40 identical rows)
PID 4964 wrote to memory of 3620 | 4964 | msedge.exe | 90 (2 identical rows)
PID 4964 wrote to memory of 528 | 4964 | msedge.exe | 92 (18 identical rows)

Uses Task Scheduler COM API (1 TTPs)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

C:\Users\Admin\AppData\Local\Temp\Beyond Launcher.exe (PID 4224)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Beyond Launcher.exe"
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.14&gui=true
    - Enumerates system info in registry
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1460)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8da0f46f8,0x7ff8da0f4708,0x7ff8da0f4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3620)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2060)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 528)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1904)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3344)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3076)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2168)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5420 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3156)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3832)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5716 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2444)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4704)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4744)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5568)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5700)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1552)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2264)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5220)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9183127040569831041,13605145039261422493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 1924)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4196)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe (PID 2884)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"

  C:\Program Files\Mozilla Firefox\firefox.exe (PID 4628)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 3288)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.0.18752919\28411192" -parentBuildID 20221007134813 -prefsHandle 1916 -prefMapHandle 1784 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa7cbc91-f0c3-421c-8e67-a290fd80af40} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 1996 2a955bb3158 gpu

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 372)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.1.2050332196\929274609" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2356 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {445924ae-778c-4c6a-ad51-e5c77199eed9} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 2396 2a9558f8758 socket
      - Checks processor information in registry

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 2016)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.2.287763131\926135021" -childID 1 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95b2e117-7db7-4cd7-ba7e-b9f9f0b5eecf} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 3500 2a959bf9258 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 5232)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.3.1974642389\926023352" -childID 2 -isForBrowser -prefsHandle 1288 -prefMapHandle 1280 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9860fc9f-d850-4e6b-a47b-66de03ce6b87} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 3764 2a949162558 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 5412)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.4.1569779661\1196469413" -childID 3 -isForBrowser -prefsHandle 4548 -prefMapHandle 4528 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb79e316-078b-4dc2-a98e-ec02bc28708a} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 4468 2a95b873c58 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 5988)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.5.1626062668\1583412230" -childID 4 -isForBrowser -prefsHandle 5188 -prefMapHandle 5184 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b21a2d1-ce37-4a3d-85c6-0b66ed866ecf} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 5176 2a95b872158 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 6004)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.7.1001869143\182632160" -childID 6 -isForBrowser -prefsHandle 5596 -prefMapHandle 5592 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0753adf-cfe6-44e5-8a3e-ad63f6bf4249} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 5604 2a95bf54958 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 5996)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.6.170287476\1014423791" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9541ea5-6c60-41ec-b94e-8b4d546750a2} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 5304 2a95bf54358 tab
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 3423d7e71b832850019e032730997f69
  SHA1: bbc91ba3960fb8f7f2d5a190e6585010675d9061
  SHA256: 53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
  SHA512: 03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 336B
  MD5: 547d3841696f927e6768897d90d8ed18
  SHA1: 995b0d243101b77bb69f2cfe0725ff15b2feacdd
  SHA256: 9a63553f554991d7068ed0bd15f3b6bf02c75e0033683ff015389bc766151708
  SHA512: aedaabdade4a0ae392defcfcee7a171be7a7f67633d5cdcd25f32f7d0c8d9641a87a566cb5b2dc0ccb74d0e6ff0633370ffd2f8f76e63ee50e9d79ed726bc06c

- Filesize: 902B
  MD5: 702b6417ba3f3575064417b2b6a7dd39
  SHA1: aeec1737ebfaf5cd2b8c56b5afc4c0a2d03455e0
  SHA256: 16c38b81e653de0a00d6be30e1d7388b051db70944b30df1eb56bf7cb343713b
  SHA512: f532e1619c8722e956e63b828063ddb8c14799f75a32920229855f31fd4718448611c0db877e58693418917e3e04140811ee6441e955aaa590605aa725c8f71b

- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- Filesize: 5KB
  MD5: 927080409ba414d0352ae37186b42f8f
  SHA1: ee1e027aa246c468937109a5fbd4818a60b87968
  SHA256: 3cadc7bf826e5d5af4326770fa1e11e3ddcf84a64faaf08efcc63dce2e862f23
  SHA512: 0965c0bbe5371e3e5b7761abb6c4951de63be05b6bfe11d614d756da97a32e8c7a0562120a46801e33866110b1f98ccd6f34b1ddff1a8a991cfb33a84dd71ffa

- Filesize: 5KB
  MD5: 196b084d576572ce51451646524e2efa
  SHA1: 356d0896854b94084376a522b2386179ce2eb8b0
  SHA256: 7f1ba50df0658c4291197fc1287170a2aeea3d36ce98e01ce4b01d15f385728e
  SHA512: 973d60fdeda71cc1fbaf3eb7ecddb4789b6ddcba772381a9c5c07e00aaac43746bd805801ce5c34ea9ae1dee9ec08b7622e64debec45da8c86ad66b5bafa4d32

- Filesize: 5KB
  MD5: ef41344b736d634f7888519d21ef0c4e
  SHA1: 9011818568543a3d224e268ac47259a7c4089b48
  SHA256: 7d3fd326f8895c6b42bc0a6f9b491b5cf45613a65b303bd97ce837cf30f1cb63
  SHA512: 1055213bbfc10b4cfb00aa01e3c9701e8faaa38e0ba913c1386183c6a081bece8f3bab9fcd040ba11e54fd90b13a50f6243c8452277ecfba9b9a84658d2b4072

- Filesize: 6KB
  MD5: f9eb5e1166c7808bd8d6691a6c7e8436
  SHA1: c3427e88a7c16188eb7b59eadc40684a8c36427d
  SHA256: 92b748c1e263313d916a567af08371834a5708ad49311e367bae12e6518317da
  SHA512: d0f046a48fac7f59371061f54a98f09519dfb58bce26bdbbc31f1c334552018a4c7bfd7654d4f877443e0018cbbcdf927b770f668adc8502703580ae0753ade3

- Filesize: 24KB
  MD5: 0e78f9a3ece93ae9434c64ea2bff51dc
  SHA1: a0e4c75fe32417fe2df705987df5817326e1b3b9
  SHA256: 5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68
  SHA512: 9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 623ea152a82788977ab7d8e27fb91427
  SHA1: 1d35e13ed159facd287c912c801be05b8f05d73e
  SHA256: 26f571d1a958dfd651eac95fd871d87da65aab81b9dce300c477114193ea7420
  SHA512: 9c6e922019f85b6ae89123eea55fbc00f3783e48c2975e08a4082fe3686a4e6f4251c79d9e681584bbe5c8e3ecc56fb1a3c22bcb0150ce3a527c0f7adf4ebd08

- Filesize: 11KB
  MD5: c6324428b7f6cfeedd160ef877695017
  SHA1: bd8eb6890501bdb49dc89ad51db88772d7b4f8af
  SHA256: 2ad366149a574bae3561a2fe4e1e15d6c482dadd4f427bccb0b7f6ddc15215b9
  SHA512: ac1e802aca495c3a41fc2777488860ac168d601cadae0dbbe22bde496add23b4d590d3224f19b31f206b2172498ff770c13a77ac659836d1d2829d0b128d96e0

- Filesize: 11KB
  MD5: 721a3e1e83cf83c718d66a34095abb83
  SHA1: 81ecb5ff01e880f62f5cf9461e0d9742317d657c
  SHA256: df94ed844bf266ba492131739fa0a6ddbfb645482d966b893f6c59cd38b71b63
  SHA512: 84129475d25e186cd2959ccdbf4132af9629bc5c0269e912e6a5901010d95cec9765d537edcbe3330dc77d89f970577a752c2859b162b3b477617d87d8af5e13

- Filesize: 11KB
  MD5: ef413087ac6a84a4be4c4cbd5c572cd9
  SHA1: 737c8b4e6b6533ed9f7897d09f2f8c62c502b493
  SHA256: 8101f753db41f50bde0f17d0ad6a8b966fa42754c9bcd09508a04d1da31f1b67
  SHA512: 51c8f1bdfbc9e9ea2144249e9dfbc40bb99b451c34b342f5cd3f6448ca3a6ffb2654b6b162ee5e6be4835a37d94099a9867f11ae9ed3921d936d7cd5e1b964dc

- C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\activity-stream.discovery_stream.json.tmp
  Filesize: 23KB
  MD5: dc5057822b27b8c871cde70e9dd7006c
  SHA1: 2cd6fb3f71b8fa90f70dd5de9d243636e0fca694
  SHA256: 765e713188f36319b94fb0bf0f6424aed08ed3620992c3ba3eba32198c3dfc84
  SHA512: 71c1cb9aaa7c1985b5877822fb8d031954271c3442fa1956dc8b3db5b0ebd6071c69a20a63db99e5e312a7aaa3dcbd60d1dde224b9cfad788482c50061289272

- Filesize: 6KB
  MD5: 7d324fafbb26f56d6ad6df12ebbc9878
  SHA1: 72f319efb90b080ebef377090c98576ffe730a07
  SHA256: a2e010d0201e334e490801404bafcd7dbd9fb24665949420817dee8e06bad1c6
  SHA512: 67a7147481197c62c38157ff3ad8251fa6d1b9deb2805dec10ff87ed2a5eb34b3d5ffee0e6ffab79027144389406e1083aab6f6ee448f521f9a38e5c5c75f1b8

- Filesize: 6KB
  MD5: 9fefbc46e26a261babc6bf5813a65193
  SHA1: d8334b54fc48702ab9516c79ae16940ad10ece7a
  SHA256: 670818c2554f1b1cd2a397355a80d03b123d52dc36cad41d283fee07d5756470
  SHA512: 4560f82f6ab9751f63def724aa34b165e27b87d270bd8747a10ff43d7e2ab1518bb6a2b3647b8a9fa6c8ebd7e9824bb4ed8344d0a56a97744a1ca44f1bb73fd1

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\sessionCheckpoints.json.tmp
  Filesize: 259B
  MD5: 700fe59d2eb10b8cd28525fcc46bc0cc
  SHA1: 339badf0e1eba5332bff317d7cf8a41d5860390d
  SHA256: 4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea
  SHA512: 3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\sessionstore.jsonlz4
  Filesize: 883B
  MD5: 8cb8e0ba6dd42b95507c670f5ad0ef1d
  SHA1: fd78b47b63b54d056ead53eb25f6e553c9cd1740
  SHA256: 5a0b91f8801bb3b6cd9686524b20f2acfad84997b5f07f7a7049f5ea2be19ad0
  SHA512: 2ae93f6a2befb0e6c488eb646de0900a01c349574880ac9b84ac44bbdb1d8969edc0541f51554b21a016f303209b47bcb5788106cb8638c2fba388e15a473499