Resubmissions
24-04-2024 15:34
240424-sz7wysce91 124-04-2024 15:31
240424-sx1pvsce5v 1024-04-2024 15:26
240424-svmp8acd7y 6Analysis
-
max time kernel
173s -
max time network
189s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
24-04-2024 15:31
Errors
General
-
Target
http://blob:https://github.com/ebef803d-ff66-416b-b817-29077b40ed1c
Malware Config
Extracted
metasploit
windows/single_exec
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Executes dropped EXE 3 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 53 IoCs
-
Suspicious use of SendNotifyMessage 27 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://blob:https://github.com/ebef803d-ff66-416b-b817-29077b40ed1c1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd492f46f8,0x7ffd492f4708,0x7ffd492f47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5652 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5720 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6864 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\$uckyLocker.exe"C:\Users\Admin\Downloads\$uckyLocker.exe"2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6860 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,15008996952730368738,6012573150130187519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\GoldenEye.exe"C:\Users\Admin\Downloads\GoldenEye.exe"2⤵
- Executes dropped EXE
- NTFS ADS
-
C:\Users\Admin\AppData\Roaming\{73ab274f-de4e-45ee-844d-e2e5f4adec7f}\CertEnrollCtrl.exe"C:\Users\Admin\AppData\Roaming\{73ab274f-de4e-45ee-844d-e2e5f4adec7f}\CertEnrollCtrl.exe"3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.0.52637466\1292217724" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac5ff7e6-5162-4ea6-a4e9-11b6b7497335} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 1832 2020fa10258 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.1.405801938\473259893" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {260001ae-bd7d-4c16-a41d-a7f79782acec} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 2400 20202d8a858 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.2.1714588258\331965861" -childID 1 -isForBrowser -prefsHandle 2664 -prefMapHandle 2828 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb6bf3ae-d2f5-47ed-b700-cf28e6861b6c} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 2804 2020ea96058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.3.836379811\38231444" -childID 2 -isForBrowser -prefsHandle 3948 -prefMapHandle 3944 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00bde183-b6bb-4297-9067-349bb25ac0d8} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 3960 20202d7ae58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.4.502114744\1495174419" -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 5228 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51909379-16c0-4f20-9790-b0f2357845fb} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 5240 20216f3d458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.5.1960323665\801637246" -childID 4 -isForBrowser -prefsHandle 5128 -prefMapHandle 5184 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {271a9de7-b629-46c3-a081-026834405d38} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 5380 20216f3da58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.6.2036289441\2031748393" -childID 5 -isForBrowser -prefsHandle 5572 -prefMapHandle 5580 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe71806d-e9b8-4590-b7f8-112ead59744c} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 5564 20216f3e058 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5120a75f233314ba1fe34e9d6c09f30b9
SHA1a9f92f2d3f111eaadd9bcf8fceb3c9553753539c
SHA256e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0
SHA5123c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3
-
Filesize
152B
MD5bc2edd0741d97ae237e9f00bf3244144
SHA17c1e5d324f5c7137a3c4ec85146659f026c11782
SHA256dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041
SHA51200f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093
-
Filesize
4KB
MD58e9fc284c83cda36502be187979db78c
SHA16805962b02ce2906b726146421b7727c44331960
SHA256da86047c63ad5cb0a82f09b26a9a46804a5daf38eb0cba45969c1d2827cf2d55
SHA5127e5015ae8e4e35e018f7c1757c48e1421df222e8224e9af14fd89efb77793aaad84417d0307a6addfc6220813babcedbd07e54048ed249f7ca819b3f90309b03
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
1KB
MD58578147908be0028d63d8cb60cc312d1
SHA1a23d42656891edee06cc1d4afea2bdcfa9782520
SHA256b5297752f4be97756e5b52ebf61cfe61f00a8f7ca8365b85004009e2830006b4
SHA512431ad5f3b07ab4ae7e005c044a324245d3e42b8f2cd78e71f617ad56c3cdfe4cc7a43e2c3d2de54d31bac99170c618f6ad05aa745e8c709465be75513c4b0a3a
-
Filesize
6KB
MD54318444459f4faa45568c1aa16038442
SHA1fe6d66b9e1a58b32841947208abf034d14625386
SHA2567ca0e95d65709b72e465c367fbf5b6c582f6add0a999f513876f353f0a45a680
SHA512b41f26aa03a5d961b9ed3c82d38632f93eafd7ab01ea51c80fc3042493142968a54eea9429bde705486297eda4efb3f7319a80803ca8ad42d044f398b34c11d3
-
Filesize
6KB
MD50882d9e588f65eaab0c901c5c530363f
SHA10b2beb36b9ef714de129e6c413ab593f42bf99c0
SHA256a6cb2c4e05b8bd3f3ba4aa2235af10e03a7a3ee558f25924f04b96051e901788
SHA512b8b5500df29dcba2ef29b6d7e80a6765280c6b658a1f0a7b6c474c0014047dc9759e1431a02aa8b4f2a59f98f42d18177f0bde5344d88ffee4047c90c3ad2d54
-
Filesize
7KB
MD535d7714c919e1746240298fb9dd14812
SHA1b5138de6811a3adb041234b5b2c1f98652a96fa9
SHA256300f0029526ca28eaf8f21e2ceb165bb088b6aa5c33a37dc931e517f6b1988f2
SHA512a4204ff7846744d327b1426a26818beb257bfbdcfa3eb86b9fb4b5524bda2cba545ccdea91b92d1b0cc9bd675e3a6cbb5b614ece078227dd085bc629731ab7b6
-
Filesize
7KB
MD583d3f6cb96d6fc1e5e38a946ed983cfa
SHA184c471128eede3116c0bc82f62d74d978fe9b3a0
SHA256494b7e9d8057779452dc50508ed1f1fab2e03fa6953dd946f73a8d757b12bb10
SHA5126058a832be89a786e830f3a5e66b60b73bdd77c2a8550cb99347d12370c62c6662e1f665e805cb25c814e0302eae4c5385ac698f106f0053e80517a28fc71741
-
Filesize
7KB
MD5fddd0a10e90b54fe2031e872f71019de
SHA1dc8856477144858804e33e5ae0e7af7675aebbbe
SHA256c2786da5cf6e1715506357b73aeceff9842e4fd6a081d507386ad8f28d73b2f9
SHA512b620427e9f1c5bee79e7918d798e3f10b63d9c6ed36d6cb06a880d2934f2151b45d417e0e7334df64b01321bccfbbca26a5dc4afdc312f62cc1f8ea24aa9bff8
-
Filesize
6KB
MD53ac66f2f419560a947bcf184ccba7005
SHA14faa46ce56b2212c834761f1f2476c4868b13df6
SHA256b59bd08b2aac99cf49f7e43cf017cc8e04e2dfb73b8ad00e8a6c68a185254f46
SHA512b7b169db4bcd792c433a0a5523af81fca04c2f2701d5dd5ca91bb246dda7439b05c2e5f82e478e001b102f48d6280c741305277c6023e4e68d9a6be4bff5b6d1
-
Filesize
1KB
MD5427b3186b567ebc449e2213481e27ee4
SHA16c632a3609a76d4ac3487f9bcef80dee06f748e5
SHA256823fa2d194e2ed91e182c98dbce55164db8b438d70491ec8bdd8b1889d8ebb14
SHA512bb01612b0b11fbd27c37c9f7ee5d1ec25f34fe45c5fdf490cccdf492899296311c81394a9429f8f7768b89b22f8f94ff1cc284ae09e42a4fec710b46385d7fe7
-
Filesize
1KB
MD5c7a4650c50296187db9a5545adad498a
SHA18b5a592b520ad8414bf4f824cddd4cf6df0f0446
SHA2560c0a21c15cf7f89dd972edc80cb23e2fa4ccd408937ac0f07282099f096e6da8
SHA51274da0613aa996d2ea4d2e37854b3681363d7d2a168cdabe454afb78a9d75fb52dc3463ba37e13918743e8fe4b7129b2463b82c46e614f2e05ba56430d545fcd2
-
Filesize
1KB
MD58166875309d57dda5d9a553dd29293de
SHA1b8f523ed4db712bbcde2a39d1a61fb08aaf21cb1
SHA256278481292cda8c5b20137aacf725536bb3c40bb89d28b1c3b9f3a96e142dcccb
SHA5124a312473c16b85c25894d91f5f9f2fc50326e3bd2715e7f2930c4db32aa405fc743fda07500f1bb76514f72f6c8d56dbefa8f3001735cace341654699d594f7d
-
Filesize
1KB
MD57d1f853268c83cab5954cef80f53e1b4
SHA1907a77e13df79dde6fcae9e592ed4fd5cb666f6f
SHA2568183d8dd9a5823c84fc6bbbe677b92083987a8a74894a05cb6b907fbb976177d
SHA512210ac88078e77c1dcf79e15ecb14b8a4bf6804527b15ab35d3c186be5608582f6a2738b2fb49265d3bf0d757f67ffe75a696870389b4c0bd66022b6d069b45c6
-
Filesize
1KB
MD5f3534c2fd91f8516172d8995aefd229e
SHA1b5af1229cdf127249cf871482e624cc2b0c0929a
SHA25608e399c332508b77f263b9d08d1ccf16726e1de4a49784c14bc2e0a6ed808f70
SHA512ef41ea055637710662b5789bea1e6d37637f85efa163005a6a6b781467d51226402a1612133f00642e0ce035a8efa530d287e6b02fa681af92dd3101bed0ee30
-
Filesize
538B
MD5b50ac0673e48c023e1ccc43d9dddfdd3
SHA14270151637109519988a590a25ba14207c236347
SHA25607d3aabf36263a6f5e4e57e20da0e5392329cdedfc2b234ddaf3ab2c8eae0283
SHA512e87559b6218a5e8bc910fa15ed07ea7a6112b1db47bbe667e8d61efb74fe3e946d9a4127b5095d463bed1dd296182d5e970a501d84f9bd54dfcfc17565c55ccd
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD530f55e3c8fed6c0cc57bed0d69624474
SHA1c4f62244fd89f3ef79966f7d8fa303bbcd207ca7
SHA256dadd76a57f28d1b05db135875140f3a9318d3b6030ca862eb37c143beb342b76
SHA512c847d16f94896fe4265080ca556ab1b37541df2572063e9e425f3d88388aecc514f47fd9787d4b80236a1f582dd132b0e342246f3610b8331247e57232ce201d
-
Filesize
11KB
MD598bbbc05b944bf327b94ad2b2957fa27
SHA1cc39b084589dad812f6d5d3ee26cd63f3141bcca
SHA25624d4defdfea4e379d6297dda4e81281c04e260ab9ac73295a9789546c4807716
SHA5126c17b02a7b102397e76a017bcb9a1e2b80cb6dcbb28655475f6a8356f79141e495e2ca81def6888c7f21adb3b7a0b50d3fcf2be823e96743d97f4a08922cd251
-
Filesize
24KB
MD547bcb3ab53ff6beeeb9c0b3c654051b7
SHA1c018aea445abe7784f4f3b2d4834861a4c4137ad
SHA2562745ef6c74a232ef4a6ba937a9f5919a390ce9f56d0125f65042f49c6047d792
SHA512c08e1ef6f2f349ae880f08fef834ffeba4c87a33058a935bff00301728a497b3b5196e8fb9d05364b118d0f9aa0759a119657b8a63f43c3f59b096c80eeff404
-
Filesize
6KB
MD53bc4a6f8aab385a3ea8ea7607b79ab46
SHA17c8fdc0da559123622198c8d64f7a4aa6e01b013
SHA25660724a1bb0f48fdae1ca8299217f554098dfb4478079105befbb45f99864fcfb
SHA51224c0452a259e2b21ca3322a5802af50276a187dcdce6388184d2d7787e96dde4c7de6e3bec9fb0b6d3866268d0357d6bbd65c64ca7a7ad4baf341402c4f155e9
-
Filesize
6KB
MD51fc736b3346fe43deadd83d4aab0c413
SHA17bd7723cd93dfcd524c89084f3dce189fa43ee6e
SHA256db40d72993b98edd094862eeee60ab4460a96a33e5f89be92322dc5bdf56dd84
SHA51266e908ab475d50906a3a62a0e0cea1aa05a6c0415553207a9674fc00d0cf21bd862b88ff2de6a3ed6749947c33ca45bd63feda40c8116e535bf4c9ff59da1aae
-
Filesize
902B
MD5205f3f2388e7bd74745c667f8ec0b950
SHA134aacce1819af8bf97ec9b9f6955818481d2e316
SHA256935b2e6ec20d715de0cec51d17d02c671f8922956f7436a8be288dce602c9c73
SHA51250265468b310096ad3b72f86811bfd1003301736bc8042c3978bf3a3c972c88512f2c318f20159c629a7b88a64b10b09b38eb3da928a1ce9e98f1043fd66b0fb
-
Filesize
255KB
MD5b769beb9c07d40f326f312a8a7f24bae
SHA10e923fa0804d4a2c115f5f642fc36758b3bca3ac
SHA256bf924a557551501c08d6b385d3c8e0211029ecd95f05790c56f381fae317efe3
SHA51237b23e2c5142dbe57e3ba8023f7150344e405e50143aa53a9a3e80cb09e115f63ad06e83a1c067e7f431877b518ec9ea3bfdb7379aef0363d488f7041aed7e61
-
Filesize
414KB
MD5c850f942ccf6e45230169cc4bd9eb5c8
SHA151c647e2b150e781bd1910cac4061a2cee1daf89
SHA25686e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f
SHA5122b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9
-
Filesize
254KB
MD5e3b7d39be5e821b59636d0fe7c2944cc
SHA100479a97e415e9b6a5dfb5d04f5d9244bc8fbe88
SHA256389a7d395492c2da6f8abf5a8a7c49c3482f7844f77fe681808c71e961bcae97
SHA5128f977c60658063051968049245512b6aea68dd89005d0eefde26e4b2757210e9e95aabcef9aee173f57614b52cfbac924d36516b7bc7d3a5cc67daae4dee3ad5
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
88KB
-
Filesize
40KB
-
Filesize
7.7MB
-
Filesize
440KB
-
Filesize
584KB
-
Filesize
5.6MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
7.7MB