Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
128s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
19/02/2024, 21:08
General
-
Target
https://www.mediafire.com/file/huz472c8y7uze0t/lol/file
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 27 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/huz472c8y7uze0t/lol/file1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc14b46f8,0x7ffbc14b4708,0x7ffbc14b47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6968 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9964 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,8771462803050617392,1972991779050824833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7348 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\ipconfig.exe"C:\Windows\system32\ipconfig.exe"2⤵
- Gathers network information
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.0.53058611\1652341020" -parentBuildID 20221007134813 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {095891f1-c53b-41f2-9251-f7b201cca933} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 2012 17e9a4ddb58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.1.1923923735\1717105059" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71b7e763-9e52-4f19-be7d-53ce532d8d8a} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 2412 17e8dce0e58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.2.1005977234\198890445" -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3208 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54899cea-2f1b-48ec-ada3-56fa977f8fcd} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 3224 17e9e88b258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.3.1207512443\2111177064" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46f2b234-360b-43d5-94f0-837a59af67b8} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 3572 17e9ec7c558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.4.1327852044\1890263220" -childID 3 -isForBrowser -prefsHandle 4200 -prefMapHandle 4072 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ccc6100-f6d7-437c-bcb8-67ca85b4025a} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 4232 17e9f7e6d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.5.2006189068\903224133" -childID 4 -isForBrowser -prefsHandle 5212 -prefMapHandle 5208 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f59444a6-0768-45f0-95b4-e6afcfa71146} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 5220 17e9e86a258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.7.141914979\1543225583" -childID 6 -isForBrowser -prefsHandle 5540 -prefMapHandle 5544 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0214cecd-a876-4654-bd39-9359ca86d282} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 5624 17e9e868d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.6.1270908658\712904148" -childID 5 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85e74af3-87f1-4b42-b2b1-9fc1d1b2083e} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 5328 17e9e867858 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD51386433ecc349475d39fb1e4f9e149a0
SHA1f04f71ac77cb30f1d04fd16d42852322a8b2680f
SHA256a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc
SHA512fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e
-
Filesize
1KB
MD5771131e5b0e7babbb2521556aff8a85a
SHA1dc89fff7cfe2259b06a2c64524fed18972023396
SHA2567cec1d31679384d66f854147211f6bfd377ae3696b647a824307b7074d7da2aa
SHA512e3d0d28da0027185d265d42fb534c85f7b97b2e2161ec8f380ecdf3e1aa2da7f9a9d6637a91343c8212d5ce076eaa42d0dc25b9420ca922d7799c00ca9f3be1b
-
Filesize
9KB
MD5f0ac5249433cd3ff86d92cc5ce2f5e88
SHA14ce159f96bb2fc1a1bd9bdf72d840d756206f08f
SHA2569a8766cc6a6f11ea4a6a9cacdd5d03dbe5a98b3abfc0492e7dcf45d94b226b15
SHA5129c2f41974bb289e9192537d79dec73abab6396c7efb85779545f2824f3a77c8cf99f6581ed934e0d903b7037602611a2f4096242c640894da4bed0c2111d59a1
-
Filesize
9KB
MD59254be3095869bf0e35473da66aaae7d
SHA1be91e657e94666b20c745c41821e527235ce42e1
SHA2561f58b40421f4d5b416cc7c0abd41d1f4b88dbc13a1d9d70ff95e647f1510c64a
SHA5124253497ab8540394dc689f43bcd36109514540ced5abbb0d8d9967f37a9498067c4d57cf6b2d2afe8141a44f79296d5e196059fa98cf95b4b00f7eb0920a3155
-
Filesize
12KB
MD5cac4ed6cafda547db7cf9f5efcca10e8
SHA16ec0eeaa7d9b0b711f0d306e9df67b027045a97c
SHA2568db132b67ef8b9b49a795dfc0a18a2da11aba6b05f90b9532c8bfe1532d50d8d
SHA5126ddfc869d0898cd7de0c8a3f12f7f66c4c87a4f0539948153a12e31404c0599030e9aa675218553ff152380e3c9a919e3d6c6efb90f007e4703a479b5badc31b
-
Filesize
5KB
MD5b23af8f309d28028b135f9a6488a6393
SHA1354e6bb7662ceedc1c8551464f0e841ac2b55e6d
SHA256747f8c6161ee042235b9f873990300f6a201069a8d459f0ebc370467a5ef95b7
SHA51210d0455c6121f238ed62654b2c9791874640dece7c35afd6566c175718580cf7fcb131f643259178a8ffd7681d0e6472d27d787a3471ea79f52dbfaaffc9c16e
-
Filesize
10KB
MD583ca8802e9565614e426bc0cef185b36
SHA15d575089df5c208b9cc8077b2fd3c6ea81e035c9
SHA256508e9e2e7dd31248c013e09718b1c4bfeaede4e4f77cc0ddcb10549c772b289d
SHA512e3b210c4caa87e055913169d1af25e1334073e686d133add71ee4bfabbc3679d90482c6b3c6bb88981011e7f8ceb4da58ffa8a9d2b608d40c4cd5e26f1a7245f
-
Filesize
12KB
MD503e06d6d1b261507a38d039fefae1c5b
SHA1dc90fb27649e4c47bcc4947aed2ce79f436c0f0c
SHA25613b45625c1083c851b0a35c4149889065a25d4e709fc51eddd8227ba06e19f17
SHA512f3e51f4508472c1490114649542a365876790703c3428e158ed76b499ba30aa532c7c4d16938448809a9679581d0e5af333027b49699a24cfccdbcb6df4888dd
-
Filesize
24KB
MD5e664066e3aa135f185ed1c194b9fa1f8
SHA1358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5
SHA25686e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617
SHA51258710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e
-
Filesize
2KB
MD5c19413c46f5e9ee3aafb88258e5729ca
SHA16c51631105db8db4c28496913fcf8697b8c61458
SHA256b0a30e4edc0b9801710b7b2dd9185c00385942278f5f83d83fcc813341848e49
SHA5128474ce1cce832a5f869175467458ee70eb85372252713ae49bb88d83a2f7d32ee3c6760e893de79ae0419566a43f908bcdc51d35a97507e2928553c823141cd4
-
Filesize
2KB
MD561dba1fc5e529f9480677a1d58b2ef55
SHA139eb6d7481b2251a80b54efdd767c46ba43f644e
SHA256e670f5b05bba3659aa97e1bf82687fe0a8d17c61a012e29b86bfb844e0301698
SHA5126b74cbdc197dab3d1beafa7a677d7d2175a4800044d7e351e6d1ebc02a9893e320f435618f11b172d41bc1e133f655e732f274bda2999c42055bf98b70022455
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD592b2e80812999c25aa6ec95d5d1b7654
SHA11b51ff5629a0f813cc62f97099084f29e5d7a250
SHA25612e78a01a68f2f4e55684047e559e49946d5dab5ce02f6c62f3b843a1d6a2ff6
SHA512dabba6ea0c4340b82d094bf91f746f058c905978c5cb1709c7b6ed45d5badc1b7a96a2f60e2d97932e223b2556b44a25cb9000611a0d9c1929147b9b06f85009
-
Filesize
12KB
MD50b72c6d5a79f39e6970079ae8cd85690
SHA11c00f9f7d865f6e803945d40246a86e9d4620a0b
SHA256a9c949835125e0306b86c617108d4a7b7d1c3d7cf8113c113e2d8e3f89a7e47d
SHA512d4b72d20fecf92abd41eef9ffe2e0d58378d4dffc0d881d30dea345ce00773ac63f0301970a6cd2a8fc2dd44c587abd5c89b1725dff957d3c0fadce1f5a71f82
-
Filesize
12KB
MD577cdbfde508bd1c1273be53cf34fcb27
SHA1f84beb659cfde62813f9e4519253872e448efa50
SHA256b3347ae9ad5603263eaf2c19275b773b5599816a0ea748c2618b6cecdac2a18f
SHA5121642a306f1df63391fcda64df7c055279a301debf3280a58485ca7fd9d7e2bef9d74721c6d3ab73d503f1279eb1496dbefc00efa75a7564612118618ec424b82
-
Filesize
10KB
MD5f47486a3b6043ba78ddbdfb746ab7660
SHA1294e1def90293e9e07ce40a188389b15cea1b35a
SHA256a63a87360f4b9f1c60072d0c801586c31f6dba61d41acd3d2fb6ded720a7c0c6
SHA5121fc14577915c936bcb250b743e81c1c08d14c4c1aa70b7519f00ea4d9db6fb4fed8f7af5d59b6a48f31eccd49d44bf2d832daff4427adcd37b99a23aea6d6541
-
Filesize
10KB
MD535b718089a3a24db7f9c17a66db01229
SHA10cbc587c7304a9a94bf9e6d9e7cb7cabfbd35c47
SHA25643ef1e193a88d802e3becb84f9615791220f197b9653e4097b23b5c7e71a1321
SHA5127537e6de2aaf7271847cbd5e8b62ef0f1b379e7450da8e038e32a367eb5ddc872927bc7074957a34e153151caa8fe283f7501bb84319e79c9bb495408eac9bec
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
2KB
MD578e1b3ea3e05b8054e62f6d5924f7303
SHA1a6010387d9d01f4ff82641747a0c74cdd8fd2514
SHA2567060732a8a039e662431be835017a20690ae28c21136a76683d347195a49beed
SHA5121808b523b027d10aa1653b8b6438e38338f52dcddc9dbc10eb100f0b7b8021aeba33f567c3abfb60db5d12181cd3576def69fe056efaf7db0dfef892a4d2080f
-
Filesize
746B
MD5d2f4d063db005de245c7f67abb230cf8
SHA18f3218cf1b9044712c37c32ecee5a572c7093dd1
SHA256f01706905c1db52710c8e7edf1c4acba3f036656b6aed92ffbff030e3a58c126
SHA5127badc0401b4d7b422713413f9b5c8236dc6cfc67c7fe7bbb14dce38a9e2394d781e3b367bfe466648afaa6c4d54b6d1ff36ff26a3b902e6272a62077b70da426
-
Filesize
9KB
MD501748954fd8a5592351f4ba970aed46f
SHA1219af37ebf7c5d5e8c0d2ffd9bb015590c10069f
SHA256a5ec535fef94a2be474b4a869c8296b44b106552507c1db2e2fdf500d77b7747
SHA5125a2d9f405bbb38bc689eefb492e85f895dce88504f14e48ddecca15cb4fa19497925ffeef60c672ede2246ff9fc9ba9811146b603cce3fdb061c1b7e7f38786b
-
Filesize
184KB
MD5b4e248b8f969358a7bfa32c68bda5789
SHA1201120599bc3a747d419adc989473b524b7bc56c
SHA25653bba6be73ce1c9b4ae9b1810a5225aaa7dfa9abd0ac1eb3e9b9bff37b266443
SHA512bd21e656c602c09e140eb153225054a947e3b446927d8bbe0720e2e6cfeff0b237e0a5deea5d575ee170479e0b8472799f19c553cf3955982123e32cca006c35
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
272KB
-
Filesize
472KB
-
Filesize
10.8MB
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB