Analysis
- max time kernel: 86s
- max time network: 88s
- platform: windows11-21h2_x64
- resource: win11-20240508-en
- resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 06/07/2024, 00:16
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://drive.google.com/file/d/1f9eq-XL3R1GglTEuPkmeT8oTOsK3NU9m/view
Resource: win11-20240508-en
General
- Target: https://drive.google.com/file/d/1f9eq-XL3R1GglTEuPkmeT8oTOsK3NU9m/view
Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 5 IoCs)
- flow 1: drive.google.com
- flow 18: drive.google.com
- flow 27: drive.google.com
- flow 32: drive.google.com
- flow 34: drive.google.com

Checks processor information in registry (2 TTPs, 6 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (firefox.exe)

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)

Modifies registry class (1 IoC)
- Key created: \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings (firefox.exe)

Suspicious behavior: EnumeratesProcesses (8 IoCs)
- pid 4128 msedge.exe (2 events)
- pid 1056 msedge.exe (2 events)
- pid 3184 identity_helper.exe (2 events)
- pid 5092 msedge.exe (2 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
- pid 1056 msedge.exe (11 events)

Suspicious use of AdjustPrivilegeToken (2 IoCs)
- Token: SeDebugPrivilege, pid 1628 firefox.exe (2 events)

Suspicious use of FindShellTrayWindow (31 IoCs)
- pid 1056 msedge.exe (27 events)
- pid 1628 firefox.exe (4 events)

Suspicious use of SendNotifyMessage (17 IoCs)
- pid 1056 msedge.exe (14 events)
- pid 1628 firefox.exe (3 events)

Suspicious use of SetWindowsHookEx (4 IoCs)
- pid 1628 firefox.exe (4 events)

Suspicious use of WriteProcessMemory (64 IoCs)
- PID 1056 (msedge.exe) wrote to memory of 3400, procid_target 77 (2 events)
- PID 1056 (msedge.exe) wrote to memory of 3484, procid_target 78 (40 events)
- PID 1056 (msedge.exe) wrote to memory of 4128, procid_target 79 (2 events)
- PID 1056 (msedge.exe) wrote to memory of 1252, procid_target 80 (20 events)
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1f9eq-XL3R1GglTEuPkmeT8oTOsK3NU9m/view
  PID: 1056
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff5c833cb8,0x7fff5c833cc8,0x7fff5c833cd8
    PID: 3400
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
    PID: 3484
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    PID: 4128
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
    PID: 1252
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    PID: 2532
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    PID: 5104
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
    PID: 3948
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    PID: 2824
  - "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
    PID: 3184
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 /prefetch:8
    PID: 5092
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
    PID: 4760
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
    PID: 3740
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
    PID: 2028
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
    PID: 4684
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
    PID: 780
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
    PID: 2600
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    PID: 1176
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2468 /prefetch:8
    PID: 3760
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3396
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1572
- "C:\Program Files\Mozilla Firefox\firefox.exe"
  PID: 4828
  - "C:\Program Files\Mozilla Firefox\firefox.exe"
    PID: 1628
    Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.0.1255703437\1676473241" -parentBuildID 20230214051806 -prefsHandle 1784 -prefMapHandle 1776 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09c57c53-e4e5-489e-8e5c-f40b896ecaf4} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 1864 2383c30ce58 gpu
      PID: 3940
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.1.1339876478\868668350" -parentBuildID 20230214051806 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b38edc99-438e-4839-a371-f2c24ac564e5} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 2388 23827f86658 socket
      PID: 4164
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.2.716274226\522242311" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b6b6338-f008-4d5d-ad6a-35bb7ffaece7} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 2960 2383ebf4558 tab
      PID: 1924
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.3.1169524442\484082244" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e210c0ab-9fc9-4de9-ab34-a99a98f379da} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 3632 23841c3ab58 tab
      PID: 3448
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.4.2104493764\2134550145" -childID 3 -isForBrowser -prefsHandle 4892 -prefMapHandle 4880 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {821bdd0b-b4cc-4cb7-9f64-883d7a1d8be7} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 4912 23844069058 tab
      PID: 4828
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.5.2024052019\712281763" -childID 4 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad8585b0-ece0-4033-a874-099457ad2cf3} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 5056 2384406a858 tab
      PID: 2768
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.6.444961174\588030797" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcc8e182-c2f6-4310-af64-e1f51aae3631} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 5304 2384412db58 tab
      PID: 2352
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.7.311519560\154355370" -childID 6 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 27769 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e011ded-b222-4eff-bd5b-7a3af5784bfb} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 2696 23841c3cc58 tab
      PID: 5556
Network
MITRE ATT&CK Enterprise v15
Downloads