Analysis

max time kernel: 289s
max time network: 247s
platform: windows10-2004_x64
resource: win10v2004-20240508-fr
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-fr, locale:fr-fr, os:windows10-2004-x64, system:windows
submitted: 13-06-2024 18:09

Static task: static1
Behavioral task: behavioral1 (Sample: file.html, Resource: win10v2004-20240508-fr)

General

Target: file.html
Size: 312KB
MD5: 1110aa8ba9a75410ee1048d1eb25315a
SHA1: d00951997755ab24c80f6e55cbefa996354e96fe
SHA256: 90c3c33371b401ec40a9f7ef8268634369efc83fb92fe7eff28d0d9d6e2e6f12
SHA512: def2887f333b53d99babe3c4b2085447704fb851e1a15ca8600cb227234bbd6b85e259941f342d4954a1dc2cdec4b92d8e19465402f6112f33daec2be04880c9
SSDEEP: 3072:sirgAkHnjPIQ6KSEX/pHkPaW+LN7DxRLlzglKcVEMk:XgAkHnjPIQBSExEPCN7jBcVEMk
Signatures

Checks processor information in registry (2 TTPs, 6 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (firefox.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (firefox.exe)

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)

Modifies registry class (1 IoC)
Processes:
- Key created: \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings (firefox.exe)

Suspicious behavior: EnumeratesProcesses (6 IoCs)
Processes:
- PID 8 msedge.exe (2 IoCs)
- PID 1408 msedge.exe (2 IoCs)
- PID 3792 identity_helper.exe (2 IoCs)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
Processes:
- PID 1408 msedge.exe (10 IoCs)

Suspicious use of AdjustPrivilegeToken (6 IoCs)
Processes:
- Token: SeDebugPrivilege, PID 4144 firefox.exe (6 IoCs)

Suspicious use of FindShellTrayWindow (30 IoCs)
Processes:
- PID 1408 msedge.exe (26 IoCs)
- PID 4144 firefox.exe (4 IoCs)

Suspicious use of SendNotifyMessage (27 IoCs)
Processes:
- PID 1408 msedge.exe (24 IoCs)
- PID 4144 firefox.exe (3 IoCs)

Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
- PID 4144 firefox.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (64 write events in total, shown here as distinct source/target pairs):
- PID 1408 msedge.exe wrote to memory of PID 4348 msedge.exe
- PID 1408 msedge.exe wrote to memory of PID 1512 msedge.exe
- PID 1408 msedge.exe wrote to memory of PID 8 msedge.exe
- PID 1408 msedge.exe wrote to memory of PID 644 msedge.exe

Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

Indentation follows the process-tree depth recorded by the sandbox.

msedge.exe (PID 1408)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
Signatures:
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  msedge.exe (PID 4348)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae8ec46f8,0x7ffae8ec4708,0x7ffae8ec4718

  msedge.exe (PID 1512)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

  msedge.exe (PID 8)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 644)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

  msedge.exe (PID 4548)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  msedge.exe (PID 4872)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

  msedge.exe (PID 4564)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1

  msedge.exe (PID 1176)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1

  msedge.exe (PID 1768)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1

  identity_helper.exe (PID 3208)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

  identity_helper.exe (PID 3792)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4052)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

  msedge.exe (PID 1368)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

  msedge.exe (PID 2712)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1

  msedge.exe (PID 3912)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1

  msedge.exe (PID 4948)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8768216776596853444,15918801555333204271,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1

CompPkgSrv.exe (PID 2348)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 2352)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

rundll32.exe (PID 4384)
Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

firefox.exe (PID 2184)
Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"

  firefox.exe (PID 4144)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  Signatures:
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx

    firefox.exe (PID 1876)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.0.6751419\1205574912" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be8ea48c-d639-4f45-a9f6-fd8307e9fca2} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 1868 1c843f23458 gpu

    firefox.exe (PID 2176)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.1.1599245647\1118893325" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27f1a9a6-3922-410c-980d-fd15ef9979f7} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 2432 1c83718ab58 socket

    firefox.exe (PID 4044)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.2.165095960\1115766527" -childID 1 -isForBrowser -prefsHandle 3088 -prefMapHandle 2876 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4f3385c-6d15-4d86-81da-58d2f9e69541} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 2696 1c846d18358 tab

    firefox.exe (PID 1788)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.3.1128465951\1046335867" -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0be1fe8b-e627-4d6d-84f2-2bb038445ff4} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 3664 1c83717ae58 tab

    firefox.exe (PID 1480)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.4.330349802\1224126137" -childID 3 -isForBrowser -prefsHandle 4276 -prefMapHandle 5084 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {107364d1-4a92-4643-bed9-de9b4c477f1b} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5060 1c84b053258 tab

    firefox.exe (PID 1488)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.5.1855452104\963769797" -childID 4 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da9509b3-3920-4664-a787-0caab1087332} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5220 1c84b052358 tab

    firefox.exe (PID 4308)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.6.512753710\990890636" -childID 5 -isForBrowser -prefsHandle 5512 -prefMapHandle 5508 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb45f8c8-462a-495c-b1c6-766683f60442} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5520 1c84b053558 tab