Overview

overview

1

Static

static

1

file.html

windows7-x64

1

file.html

windows10-2004-x64

1

Resubmissions

23-02-2024 18:34

240223-w72lpaeh43 7

23-02-2024 18:28

240223-w4hz6sff9y 1

23-02-2024 18:24

240223-w19cyseg54 1

23-02-2024 18:21

240223-wzl62aff3y 1

23-02-2024 18:14

240223-wvkgmsfe7x 1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-02-2024 18:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.html

  • Size

    311KB

  • MD5

    cea20f062ebb4e5df6785854fceeeedc

  • SHA1

    7b224ce16763c893f95c408d42b6024aa809a5c5

  • SHA256

    57cc7cae6afa102276b50bd702b867e08b26813d2205b0fc4b482f7bf891ac1f

  • SHA512

    791a3f41c6e8fecce047fea8151ea218bba54634f770fdcebf52248c5ab9599e920cd3f581f0cf9c91dca1952767a4579ccad073544888ed3cc846b8c819bb73

  • SSDEEP

    3072:0idgAkHnjP/Q6KSEy/0HgPaW+LN7DxRLlzglK8hTr:xgAkHnjP/QBSEjAPCN7jB8hTr

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:212
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffa520046f8,0x7ffa52004708,0x7ffa52004718
      2⤵
        PID:1260
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:4024
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:808
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
          2⤵
            PID:4760
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
            2⤵
              PID:740
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
              2⤵
                PID:1412
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
                2⤵
                  PID:3768
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
                  2⤵
                    PID:4164
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                    2⤵
                      PID:3368
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                      2⤵
                        PID:5216
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
                        2⤵
                          PID:5460
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
                          2⤵
                            PID:3456
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5028
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
                            2⤵
                              PID:5840
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
                              2⤵
                                PID:5988
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
                                2⤵
                                  PID:5944
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
                                  2⤵
                                    PID:5948
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
                                    2⤵
                                      PID:6088
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
                                      2⤵
                                        PID:4664
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
                                        2⤵
                                          PID:5348
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
                                          2⤵
                                            PID:5504
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
                                            2⤵
                                              PID:5632
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
                                              2⤵
                                                PID:5728
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
                                                2⤵
                                                  PID:5808
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
                                                  2⤵
                                                    PID:5972
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7680 /prefetch:8
                                                    2⤵
                                                      PID:6124
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
                                                      2⤵
                                                        PID:6116
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
                                                        2⤵
                                                          PID:1960
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
                                                          2⤵
                                                            PID:4356
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
                                                            2⤵
                                                              PID:5256
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
                                                              2⤵
                                                                PID:1752
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
                                                                2⤵
                                                                  PID:5748
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
                                                                  2⤵
                                                                    PID:5632
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13367693026574695850,11450214683231950193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7380 /prefetch:2
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:5648
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:2620
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:2624
                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                      1⤵
                                                                        PID:3144
                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                          2⤵
                                                                          • Checks processor information in registry
                                                                          • Suspicious use of FindShellTrayWindow
                                                                          • Suspicious use of SendNotifyMessage
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:3096
                                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.0.1622854214\1974012871" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20750 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4d2f3a5-6419-4d18-9742-14264c12f96f} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 1976 1decd4d4158 gpu
                                                                            3⤵
                                                                              PID:4928
                                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.1.1922774540\1655308100" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 20786 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89c2e228-db20-4cff-882a-3e3dc138c93e} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 2376 1decd3fa258 socket
                                                                              3⤵
                                                                                PID:4080
                                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.2.937037221\875019736" -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2912 -prefsLen 20934 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64a152c1-3969-40f5-bb8b-4c527f395462} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 3032 1deb996a858 tab
                                                                                3⤵
                                                                                  PID:4424
                                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.3.1217337433\2200582" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3480 -prefsLen 20975 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {264d5e86-bbe7-4967-b8d5-36a797b59b8d} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 3496 1ded18d9058 tab
                                                                                  3⤵
                                                                                    PID:832
                                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.4.72320072\379003094" -childID 3 -isForBrowser -prefsHandle 3652 -prefMapHandle 3656 -prefsLen 20975 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1f52b1d-daf8-40e3-bd7c-cc911762a5c4} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 3512 1ded18d8158 tab
                                                                                    3⤵
                                                                                      PID:4360
                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.5.114086009\1273857997" -childID 4 -isForBrowser -prefsHandle 3808 -prefMapHandle 3804 -prefsLen 20975 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4fa6c8e-d101-4cf9-9e77-c82346126223} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 3852 1ded18da858 tab
                                                                                      3⤵
                                                                                        PID:4756

                                                                                  Network

                                                                                  MITRE ATT&CK Enterprise v15

                                                                                  Replay Monitor

                                                                                  Loading Replay Monitor...

                                                                                  Downloads

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                    Filesize

                                                                                    152B

                                                                                    MD5

                                                                                    1af9fbc1d4655baf2df9e8948103d616

                                                                                    SHA1

                                                                                    c58d5c208d0d5aab5b6979b64102b0086799b0bf

                                                                                    SHA256

                                                                                    e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135

                                                                                    SHA512

                                                                                    714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                    Filesize

                                                                                    152B

                                                                                    MD5

                                                                                    aa6f46176fbc19ccf3e361dc1135ece0

                                                                                    SHA1

                                                                                    cb1f8c693b88331e9513b77efe47be9e43c43b12

                                                                                    SHA256

                                                                                    2f5ba493c7c4192e9310cea3a96cfec4fd14c6285af6e3659627ab177e560819

                                                                                    SHA512

                                                                                    5d26fdffebeb1eb5adde9f7da19fe7069e364d3f68670013cb0cc3e2b40bf1fbcb9bdebbfe999747caf141c88ccd53bd4acf2074283e4bde46b8c28fbae296f5

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                                                                    Filesize

                                                                                    21KB

                                                                                    MD5

                                                                                    660c3b546f2a131de50b69b91f26c636

                                                                                    SHA1

                                                                                    70f80e7f10e1dd9180efe191ce92d28296ec9035

                                                                                    SHA256

                                                                                    fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

                                                                                    SHA512

                                                                                    6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
                                                                                    Filesize

                                                                                    83KB

                                                                                    MD5

                                                                                    3d4d13600cb798c9227454ad8a5e7624

                                                                                    SHA1

                                                                                    26849436f59b85457ad18ee84a75b36d09cd2d3b

                                                                                    SHA256

                                                                                    10a500190c409d388b8f5386812a0cd0aca44fde2eecd1c9b8a50155b234124f

                                                                                    SHA512

                                                                                    3fa58623131a9a69015eb2a614c3267dc57fca4574b8204e6a88126d7bd93cdb315abe7f647a47d712ee28409f4d5713ec2c97cf4b5721ba4cf1794e67692348

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
                                                                                    Filesize

                                                                                    20KB

                                                                                    MD5

                                                                                    87e8230a9ca3f0c5ccfa56f70276e2f2

                                                                                    SHA1

                                                                                    eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                                                    SHA256

                                                                                    e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                                                    SHA512

                                                                                    37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                    Filesize

                                                                                    2KB

                                                                                    MD5

                                                                                    8009b4756b5e3d17096af69e69ee13f1

                                                                                    SHA1

                                                                                    76ba481dd4b3f69b3478d7cd169b041b59a72790

                                                                                    SHA256

                                                                                    b5ae26590abbcfb7b8e0260d64056267a6d4a9db0b727a1dc205a8d3efc90745

                                                                                    SHA512

                                                                                    3fa714875df9189c54f33e180540e870d636cfea32d6e03e4592f5cd779a5c2c40f1f004cc57f01e459cff25d45398356c90eeb5738c676890e828796b4ed05e

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                    Filesize

                                                                                    1KB

                                                                                    MD5

                                                                                    aa28eb06023193a0ae46504efdf26f33

                                                                                    SHA1

                                                                                    4a9a60729276b73b450ba77261978ccb38625443

                                                                                    SHA256

                                                                                    1886f6573855ba6a20261f2a68cf2f3254d7a4a8363c07cbfcad37cf4a12f873

                                                                                    SHA512

                                                                                    8d75e9166c8ac0fa37d15e59883f73f94c470aa01461396bbfd491bda59254361269009643846b575ac8293141e2713b717188752030247c58f22dbd4ca8dbfd

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                    Filesize

                                                                                    10KB

                                                                                    MD5

                                                                                    4e3d7d93307916b0981487f17069e089

                                                                                    SHA1

                                                                                    16e00e5d934a73ab69da7961915d5eb389d51056

                                                                                    SHA256

                                                                                    222fc455572830746e93c7708d4e98e29a6aef982b2e09c6c7aecebac7f2b5c6

                                                                                    SHA512

                                                                                    eb285cd237e413e68daeae16506b2f131f01945ddbfd394fcee358295d5605b2260e9dd88ba47533bc06440ae5b403e8483d3eeeda854ef517356eb17215f10b

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    6KB

                                                                                    MD5

                                                                                    25360c3e2fc1d3b827f4d0eac27f216e

                                                                                    SHA1

                                                                                    e28446da4cec16f06e5094426d6cc3678e889f2f

                                                                                    SHA256

                                                                                    092b9dc2ee27a128a1851ee23f2827ee3c435cb42c8e815502fbb6512b4a2bb7

                                                                                    SHA512

                                                                                    725018d42676f967bca735b4ace87dc247a6dffb33fcbfe76d2eea0e1fb14b97ce303f681535903b099f04ef7ea00b28502dafe1294dc60c6ac8cf17af26fb17

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    13KB

                                                                                    MD5

                                                                                    df43ae0ceaff16a7204dd95b444ed30d

                                                                                    SHA1

                                                                                    5a93ef3943bb077794c9cd06e17151197f9b4b56

                                                                                    SHA256

                                                                                    89aba62b8146f1f74929773aaba790e4a6be3a2257699429905fffe31229c2f0

                                                                                    SHA512

                                                                                    bf26ed32fd51dd86b08122c3012d3dff2d5bd6767d81cdea73f3fada936b62c3845a3bac3d9646154717dcb472a09b552f46858c3dfb10938b8c7b761976088a

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    7KB

                                                                                    MD5

                                                                                    f67d8b0f4ece813cd896e22984e17f89

                                                                                    SHA1

                                                                                    33bea0f5892ebfe741c1d1b4d80fad4594cb0c86

                                                                                    SHA256

                                                                                    3aff32ecef67da21834481f00e68415fa4d5d4c0cc53b1b68f1befd85fb1a5dd

                                                                                    SHA512

                                                                                    433ad8f57a01cd1f0ba9092bdb456aa7bd3678a4574d2a0e8f1adea938a416d9516b65233839004a592af5c38f2bb73d559fad2e71e6baa1ca989f2597cd4652

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    7KB

                                                                                    MD5

                                                                                    2a35c750ab92fe90a1d6ae671b2373ac

                                                                                    SHA1

                                                                                    19cdc94218def90c5a299a345ba19a68d32d648c

                                                                                    SHA256

                                                                                    982aee6c3781d1908688423ac66a6fff18c1ff16ec86886681d5ca30c5590069

                                                                                    SHA512

                                                                                    f7bf03d68e22f3dca0b583c3956d2ab880dec8987377c34808864c8305a2f2f4ef708aedb3d14823e80dc1dac26e304d50b6029f26d3b6aa3d06efe0bb8c68ce

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    14KB

                                                                                    MD5

                                                                                    d53d6e0f0c67ed64b05c4659ac818a49

                                                                                    SHA1

                                                                                    b5803f7b16000e48cfa43f947b62b64c109a3767

                                                                                    SHA256

                                                                                    849995067ccba7195b48d074ade6b4eabcb16ace9df1ecbc64b9e440389fc0f3

                                                                                    SHA512

                                                                                    67ad5d460a0a263623dcda147d2dd03161996d546381ba48c999caaca72def72e9f51ca700a8a14276387f8303e75340a66cbbb34a68c3e78bf3e4a6709a0e24

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    10KB

                                                                                    MD5

                                                                                    505934ed576f463b16c307e59b94532b

                                                                                    SHA1

                                                                                    72e7d07c268e675c84ead9ea15a9bee8ff11931f

                                                                                    SHA256

                                                                                    b7b18a8231f527531150b0e2b61f5bfffb6f571ce54060be091cb5474ccf7a8c

                                                                                    SHA512

                                                                                    490cae65660a5fa3cbf6e830667c8db582334ad40a7079fc9d912efd7ba547d908e10c599cbc8e58ad9e130a47a4de80089b4ad4a89d410361201da465716dc9

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                    Filesize

                                                                                    2KB

                                                                                    MD5

                                                                                    b1e6ce756f23d1e5cbb5ec15fab7d746

                                                                                    SHA1

                                                                                    35a2d1420e6f4e8211aac0dfe4cea09b28226c58

                                                                                    SHA256

                                                                                    474adb250f7ded90dd628ba40396f5cf938f1b1b181fe921cbaea2b5eee89f85

                                                                                    SHA512

                                                                                    4d526755185ef22d05857327630790b2c330916943bf1ed31af8717e9de71ec7f7ed13baf7d9f4e0983ec8dc52163f56672996edfce703b2be3029c0252e3951

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                    Filesize

                                                                                    4KB

                                                                                    MD5

                                                                                    2de9bbdbc7d147f96ae9e20d661cb7b7

                                                                                    SHA1

                                                                                    5cc96e7fc4d577e61c7cda10f8962ec60109efa1

                                                                                    SHA256

                                                                                    118167470bc4549510c0f2f87eff104c07d4469b9e1aa62e4792ffcea5b4c3ed

                                                                                    SHA512

                                                                                    5a6ab7e33140ae02e88b771b2854bfa8cd14c7515ade1938a703e46f1d8100a43af1c5d2c72778e82f4bcb66fb118c153a274aefd5843bde5cd83a68a013bb73

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58992e.TMP
                                                                                    Filesize

                                                                                    538B

                                                                                    MD5

                                                                                    7fe3aa943433ac0fe50a8b9ee5751ee0

                                                                                    SHA1

                                                                                    692ca082d1ada141ba24941e172fe6e80d569a21

                                                                                    SHA256

                                                                                    bf4625b970ef7c39e9fcc574d2a08fdb0ce21c1b100a22b5b5f13d76ff0f094d

                                                                                    SHA512

                                                                                    48dada88bce37a3c2e564e553952f2d4acd953759b9af45ff50987091fc64e5a5c7d8f356e0056b43aa745470e054a11feb36c2de81d6b1f99ed64d0a78cb8e5

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                    Filesize

                                                                                    16B

                                                                                    MD5

                                                                                    6752a1d65b201c13b62ea44016eb221f

                                                                                    SHA1

                                                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                    SHA256

                                                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                    SHA512

                                                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                    Filesize

                                                                                    11KB

                                                                                    MD5

                                                                                    c56064877288f0ce35c0f4fdf97fa470

                                                                                    SHA1

                                                                                    2b91bbdbaf13a9f762dafce6badea460f1e1941f

                                                                                    SHA256

                                                                                    9adc0d803bd4f76e7420597c86600f8cad4d7b00ae118635e88b0b2da6246c25

                                                                                    SHA512

                                                                                    befdbe9f8280511cc0e3e34f4329eb64d03af16791d9fa36e1b67ce9878747cdf3a6dfcc3c16aef4de345d021ecaad8bcf8ec27ff25659a17af67f68ba201540

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                    Filesize

                                                                                    11KB

                                                                                    MD5

                                                                                    62cd3c0aa932299608e9a2163510545b

                                                                                    SHA1

                                                                                    6e179a9c30f4a24bf0fe7a3e80302728b29828c4

                                                                                    SHA256

                                                                                    65d729423af27a73b4e371b0d3386d49bc707e9411444b1cbf669dba61f5cc7c

                                                                                    SHA512

                                                                                    e61083f2b37eddb9382bf515f761534d6809a7f238074ade40103f0d89fd96f6ccf134853e74f045b67f15472ac14eb710a1026982a3b060b1c4ca63a655c422

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\sessionstore-backups\recovery.jsonlz4
                                                                                    Filesize

                                                                                    271B

                                                                                    MD5

                                                                                    48786bd279902ac36853aab9ae0c0c11

                                                                                    SHA1

                                                                                    09d5a5b9234005a30839f7a29d2b503b993ad014

                                                                                    SHA256

                                                                                    61f1f91e24a17148215453206691a6b7ced33d172b2ccb5ed0192d9b0b4f2863

                                                                                    SHA512

                                                                                    f37ee1970afe6c02d0a48850d5be04fde4ce9b03fdf8030e6f3f09caffbe3f82acc44aa468a1492f74d4030085807474f48b5838b66595cc708fd953918546ed

                                                                                    Download Submit