Analysis
max time kernel: 86s
max time network: 92s
platform: windows11-21h2_x64
resource: win11-20231222-en
resource tags: arch:x64 arch:x86 image:win11-20231222-en locale:en-us os:windows11-21h2-x64 system
submitted: 03/01/2024, 03:30
Static task: static1
Behavioral task: behavioral1
Sample: 113HiXIRO5J6t-cg42Cd6vyO2nrKL3GGO.html
Resource: win11-20231222-en
General
Target: 113HiXIRO5J6t-cg42Cd6vyO2nrKL3GGO.html
Size: 506KB
MD5: 47f70d73c698b6218ca9ddd18669882e
SHA1: 14288f54481ed7eb063f8b5f57608d848785af3d
SHA256: 4a070bbd0d4f84a8b85e084dfccaa0297d483879031ce6d700d20d4fed100934
SHA512: 6408a8833a5eebf69f268a1254dd3d9372b66dcff895364e8879ba023ce639237f53dbd6206c8310fe9d2d532ddec62cf44e3135b3578d42b6867f05ce56317c
SSDEEP: 3072:p9nrcC5uZhY+d9Iblg4LZBpnAQ8Fl9i/JmvxFfDb5dwPtrMlSH19m25F3P7BWycS:z4GuZhcbl9pR82H19m25jW7jJjUjvjKs
Malware Config
Signatures

- Checks processor information in registry (2 TTPs, 8 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

- Modifies Internet Explorer settings (3 IoCs)
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | iexplore.exe

- Modifies registry class (1 IoC)
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings | firefox.exe

- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | process
  1380 | msedge.exe (2 entries)
  2972 | msedge.exe (2 entries)
  2180 | msedge.exe (2 entries)
  3196 | identity_helper.exe (2 entries)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid | process
  1380 | msedge.exe (9 entries)

- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description | pid | process
  Token: SeDebugPrivilege | 4680 | firefox.exe (2 entries)

- Suspicious use of FindShellTrayWindow (37 IoCs)
  pid | process
  1380 | msedge.exe (33 entries)
  4680 | firefox.exe (4 entries)

- Suspicious use of SendNotifyMessage (19 IoCs)
  pid | process
  1380 | msedge.exe (16 entries)
  4680 | firefox.exe (3 entries)

- Suspicious use of SetWindowsHookEx (1 IoC)
  pid | process
  4680 | firefox.exe

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | procid_target
  PID 1380 wrote to memory of 1556 | 1380 | msedge.exe | 84 (2 entries)
  PID 1380 wrote to memory of 4468 | 1380 | msedge.exe | 85 (repeated)
  PID 1380 wrote to memory of 2972 | 1380 | msedge.exe | 87 (2 entries)
  PID 1380 wrote to memory of 908 | 1380 | msedge.exe | 86 (repeated)

- Uses Task Scheduler COM API (1 TTP)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

C:\Program Files\Internet Explorer\iexplore.exe (PID 3048)
  command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\113HiXIRO5J6t-cg42Cd6vyO2nrKL3GGO.html
  - Modifies Internet Explorer settings

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1380)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1556)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa88273cb8,0x7ffa88273cc8,0x7ffa88273cd8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4468)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 908)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2972)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1372)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1596)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3252)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3440)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2180)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 3196)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1456)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2244)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1596)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1800)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4444)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,14077738076465082798,5943090883009279483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 1128)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2244)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe (PID 1100)
  command line: "C:\Program Files\Mozilla Firefox\firefox.exe"

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 4680)
      command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
      - Checks processor information in registry
      - Modifies registry class
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of SetWindowsHookEx

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 4320)
          command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.0.162709240\689190757" -parentBuildID 20221007134813 -prefsHandle 1776 -prefMapHandle 1756 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83aed1bf-a922-4a33-946a-15e9157014ac} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 1856 1f502ff1e58 gpu

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 1336)
          command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.1.353809495\348423550" -parentBuildID 20221007134813 -prefsHandle 2220 -prefMapHandle 2216 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cb20147-721e-48b2-af2c-eafe8075d70d} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 2232 1f502b40858 socket
          - Checks processor information in registry

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 3924)
          command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.2.339179231\1049120167" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f0604d2-efae-4bb1-8f3d-f4387ea10c30} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 2956 1f502f61a58 tab

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 1780)
          command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.3.861747418\983336664" -childID 2 -isForBrowser -prefsHandle 1020 -prefMapHandle 3488 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e03b9684-0633-4ce5-99ba-cc162622268d} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 3496 1f5087db458 tab

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 3040)
          command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.4.760099947\1829316271" -childID 3 -isForBrowser -prefsHandle 4144 -prefMapHandle 4132 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42da7954-034d-4a51-a854-81912d7cec86} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 4156 1f5087ddb58 tab

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 5540)
          command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.7.1305337425\1089240034" -childID 6 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f194632-0bde-48e8-b3a6-85a92bcd4d43} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5368 1f50a4f5358 tab

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 5532)
          command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.6.192708816\485591925" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47e9d28b-3296-4c4d-b843-d7f7d3ac6e18} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5176 1f50a4f4a58 tab

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 5524)
          command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.5.1806798155\323315928" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5084 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76a560fa-2fff-4457-882a-36d95ea86e58} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5064 1f50a4f3e58 tab
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 6dbe72a1f5827efc08f70d06ef815d46
  SHA1: 6aacd61519fce53ecb92e5e61207a6c29c01f47b
  SHA256: dd673404dd6deb2d2b331316370fd05e47c01b9dc489640f05b50898d536a6e3
  SHA512: 2e6115ca818df5f5b7985caf3ce2324e266b376f6180f84b44e9ae725e037a8456c2cd63e22b9750e2ba27f4c7460dfa429ce9910517a728b056e5f1e730e25a

- Filesize: 5KB
  MD5: 73dd13c8b8a9012cbb62fdd73aff5092
  SHA1: 56755dbb4e864e2ad76dd1cb7eda45f62f67c1a9
  SHA256: f2b3d4e5eb2078ef637b4b3d44e34b963178361f9ea8a0bd542c5eb183be166e
  SHA512: c75c8de373ad3355d76b9cc0a9f453466122fbc041f8d52e286ca5a1f1ccbca5913b7c9f2b879bf8be8cc9f0d6ef50c4fb6918bbde98f5223b4929efccf5b5dc

- Filesize: 5KB
  MD5: 92997e2496e81bc22fe6f206e5ea1cae
  SHA1: 01d2e243401687e51e9f1d12b7f9479e066a858a
  SHA256: 7076322ea5a0a579c3bc18bd6d083a47388160d7523522d03d855f500a3e4b2a
  SHA512: 39244953033231fac28759ac7dc1db8030e814d601e488b5ea4260a534ed2d21ac42bb3e8cc4e2f8c534aaceb64a120570b7d8cb5715ba7d04dbc765787b9ea6

- Filesize: 5KB
  MD5: 7eb7dda624b275f74237822e8bedec48
  SHA1: 56718906aea1920e9db2708603f697a501c4e0da
  SHA256: 94a1e7f453b5abd18b77a570d2cc7b6296f9d725e96e41b7b7bb1fcce72fada4
  SHA512: a89ac0337217e8bcd00148ba1fa9f98703abd46a203230087cc48fd56d478bfc93f2fb0854485801777d2de9d3456e7431b47b988cd30c6ee46f9c9d17a43d56

- Filesize: 5KB
  MD5: 0c0ec9b9925332806e2b880358c9751b
  SHA1: fc3d7442479ba575c7e00c59b46a0db4fd4f6096
  SHA256: 70ba23ed68c588ac1f16295c5a8c74296b256ca742174a3c0d2a0d8711aa210d
  SHA512: 1df0d23847b45dae2dd03677ddf14f9aabf5305a1d7211a3423e22fe64c993026cefab7603dbeeffae2af6136130caf28647517fa5616fbef70d390a5bc76e0f

- Filesize: 5KB
  MD5: 05b6b1be00f40417bfc0d58d483c5638
  SHA1: 797f5694969e5cb92180bdecdbbb9a0782bd5cd6
  SHA256: 923b3b278aadce0e0b9ea7dde4878afeea36a79d8d472d2b1432d53121fc951a
  SHA512: bae64b7dec7885116db45d7ec773ab6f5fe1b0bda7a58dee106e9a364d1ae796eeb96bd345f8c69405aef87c62b6c1c0f8975a9e99eccc568257bb29f4582018

- Filesize: 6KB
  MD5: 4efa9e2a78e78cf3be64f8bd91c33673
  SHA1: c3310ebbf330a4c672e655d3ba4f9f22be87cecc
  SHA256: 8e9c624d989041ddd49cac20a3d4a10441b6bcfcd4122faf7a9f964a43f3bac0
  SHA512: 0e72fea72d20b55b6f78b017eb56c3157b7bddddaa80193da7df0a32f837e96d2f5e8ba4e48e7863c8c178cab1733fb17fa3b3f3f16c4c7da6c697fad5b3de50

- Filesize: 25KB
  MD5: e5477be1e6c4cc9f570c69a84dd4f681
  SHA1: fdcbdc83ccfef1c270b927c6815e641f6d96a132
  SHA256: f06ab204d1d24ecd2d13e473bf807a8fc65ed09114a227966b4a308bd7eaa531
  SHA512: 24eb3338f0a7be6df183c5d5f22831bed07ce0779dcc124e805364a128a08f571160a6809556cd1de323c9d3cc64299855978967c8693b8324cd9bb22f5ffe14

- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

- Filesize: 10KB
  MD5: 852a96f002b25b3347ed4c2332034967
  SHA1: c10c24b04a061b4d4faad6ae7e20f4237e0da464
  SHA256: 57c4f58afdb4b60e359ea2d1ced10b31bc57e9c8173f011f8d13d8c076d18334
  SHA512: 69eba1d56f5607a28851fa96eb534cac0076d4a77c97122c7c8cc9132909125131a844e5bc82e8597ac4668c6fd7cf3af6277192d756eda47ded4a8fae54db23

- Filesize: 10KB
  MD5: 6abc82e1a485fbfd153fc47ed48343b1
  SHA1: b44d3bf82e8ba06dbfe343071bb1a02e9121c450
  SHA256: 52db418a1dc79d5d3553a498c4391d3f2f244f85dd0e4bfb234d55d7721d3b4f
  SHA512: 28449a682deb71180db866501f2d2572af2b4dcf464944dedb98c358aec499946a50d357fac976ea637d44d820f73f838b897ab034b2775682cbd74bc14052d0

- Filesize: 10KB
  MD5: 79447a86f2c9f4f4bfc84fc0c9cb8f33
  SHA1: 1175ac9147e49bd1dd0ae64fe60f9bdcfb3d6068
  SHA256: 3ac5d20814a8ea683e5d6fd9067917cdb0df0a5393b8be18fc6a0d8d392d3b22
  SHA512: 269c002653de889111a3b3615822b5db5a86a511422673d4c40ab545d632aa69d056cbab92807cbc435f1e6a9a5b1c47a4b33a3ef1f34b15be16ac153e0af79a

- Filesize: 11KB
  MD5: 3e2f58d2aeeadff736fd2e1a9d350e4d
  SHA1: eb583fdc944554a85eb312d006af2b1e4d9ffa81
  SHA256: 128022cc122e70a3eae5441d3395c833f300525781ddd1ea543cfecc3c5ff952
  SHA512: 8bed08f53f1d63de02eb4444d545c2f6ae896259f9f254d1ed1f6fb3fd389bc6d2fd451e107266e96afa21592e11043cbb4424ff604338d15cd8ff9b26f431ee

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\datareporting\glean\db\data.safe.bin
  Filesize: 8KB
  MD5: 0a93873cb1dde3654903b105b3ef125c
  SHA1: 498dd5a74da13c85862fa01cb8c41358d87d07a1
  SHA256: 756ff050f49e1a4ce8c3a34f1f2766d12b7aacd91cec03c0299aa3d22371a01c
  SHA512: ae21c89778a8646bce2c6c89b2fbb2e2dc52f2752a755223cc6472252b4d374644006c44ffaaf12107f6b32cc8517a20b2b56ae34f3f102fce77e04f61610a79

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\datareporting\glean\pending_pings\c62a681b-15cd-4b75-839b-db7f0347d27a
  Filesize: 734B
  MD5: 8ab6dea6a7c1fac36d6157566573f3b5
  SHA1: c555c0b198387a4b576235bb75e275437a35fddf
  SHA256: af69d717cec6f3a9cb36ba2b0f0b8f9a21062f50a5202a1372d0a32fc86c805e
  SHA512: d13b7e40531816fc586f8ac46604ab626077e6c70150e04936668d54773960551252ef7149e66917511af194f9ea60416513d8a68a90e2c3b314f6db2de3cbd1

- Filesize: 6KB
  MD5: 1060a0878761b25c7b7491b9bc6f974e
  SHA1: 31b534de0d7349edfa394c572f70cc054b314113
  SHA256: aca1167eda1ae6654d718764cf377445658e3fc25f920134b80a27a134b2dbfb
  SHA512: d519fdaf44e372f8b4ba477e236badeb49f34149faf64c3a63a38887f59531216678b43016e1d622981a4c6d39a34194ab5bdc89f2d5e81ec8838911928fc8bf

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\sessionstore.jsonlz4
  Filesize: 901B
  MD5: b3f01520749a17c7c7ccfab87af0eaa3
  SHA1: 3557a66a171a75975e1303ea73287c55b00b91a3
  SHA256: 692de0c4f9171e6d2fff1a51e356c056704724a54fbbc14d181cbecd5633cd3c
  SHA512: 0b12e0c19f02767e322ac4ba58c509823ac08d38a178c98e535a0d6f44e33675c1272268acb8f63b3974dfa2d6140ac4a4e5afbfcc093355c803427948cf730e