Analysis

max time kernel: 128s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-09-2024 12:01

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqbXRMSFQyYTJ3VGIzakJXWVdabThORVV1dUttd3xBQ3Jtc0tuQnhLQ0FTS2dpLXlUNWZWNkliNGQ4ZmlxMVJuMTFYeHg3Y3FhSkZHdEUwdThwdVh5bU81OUdKemlzRUVtc0VGamR2MU9lU2FxU2JrVGtMTUQ3c3JhbjBwRzJsazFsZlctN1JBZVRCOUNHLVFyWFdmMA&q=https%3A%2F%2Favio.bio%2Fmlah7kl
Resource: win10v2004-20240802-en

General

Target: https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqbXRMSFQyYTJ3VGIzakJXWVdabThORVV1dUttd3xBQ3Jtc0tuQnhLQ0FTS2dpLXlUNWZWNkliNGQ4ZmlxMVJuMTFYeHg3Y3FhSkZHdEUwdThwdVh5bU81OUdKemlzRUVtc0VGamR2MU9lU2FxU2JrVGtMTUQ3c3JhbjBwRzJsazFsZlctN1JBZVRCOUNHLVFyWFdmMA&q=https%3A%2F%2Favio.bio%2Fmlah7kl
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 11 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Enumerates system info in registry (2 TTPs, 6 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Modifies registry class (1 IoC)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings | firefox.exe
Suspicious behavior: AddClipboardFormatListener (1 IoC)
pid | Process
1544 | EXCEL.EXE
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
3504 | msedge.exe (x2)
972 | msedge.exe (x2)
3300 | identity_helper.exe (x2)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
pid | Process
972 | msedge.exe (x10)
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 2036 | firefox.exe (x2)
Suspicious use of FindShellTrayWindow (51 IoCs)
pid | Process
972 | msedge.exe
2036 | firefox.exe
(the original listing repeats each row once per call; 51 hits in total across these two processes)
Suspicious use of SendNotifyMessage (48 IoCs)
pid | Process
972 | msedge.exe
2036 | firefox.exe
(the original listing repeats each row once per call; 48 hits in total across these two processes)
Suspicious use of SetWindowsHookEx (13 IoCs)
pid | Process
1544 | EXCEL.EXE (x12)
2036 | firefox.exe (x1)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 972 wrote to memory of 1176 | 972 | msedge.exe | 85
PID 972 wrote to memory of 4404 | 972 | msedge.exe | 86
PID 972 wrote to memory of 3504 | 972 | msedge.exe | 87
PID 972 wrote to memory of 4060 | 972 | msedge.exe | 88
(the original listing repeats each row once per call; 64 writes in total, all from msedge.exe PID 972 into PIDs 1176, 4404, 3504 and 4060, which the process tree below shows as its own child processes)
Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

(indentation shows process depth as recorded by the sandbox: a process nested under another is a child of it)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 972)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqbXRMSFQyYTJ3VGIzakJXWVdabThORVV1dUttd3xBQ3Jtc0tuQnhLQ0FTS2dpLXlUNWZWNkliNGQ4ZmlxMVJuMTFYeHg3Y3FhSkZHdEUwdThwdVh5bU81OUdKemlzRUVtc0VGamR2MU9lU2FxU2JrVGtMTUQ3c3JhbjBwRzJsazFsZlctN1JBZVRCOUNHLVFyWFdmMA&q=https%3A%2F%2Favio.bio%2Fmlah7kl
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1176)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c1846f8,0x7ff80c184708,0x7ff80c184718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3504)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1952)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3300)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2684)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3628)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2328)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12882894414524249664,2338470744973153263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 2492)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1920)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (PID 1544)
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\OpenResume.xlsx"
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx

C:\Program Files\Mozilla Firefox\firefox.exe (PID 3680)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"

  C:\Program Files\Mozilla Firefox\firefox.exe (PID 2036)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 440)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1896 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a15bc14-edcd-4cc6-9e74-9e0620154686} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" gpu

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 3280)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00ec23b7-bc91-4417-ab40-d797ea505cbf} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" socket

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 3300)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 2936 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcadb8a2-1290-4b0f-bc66-72a222f56582} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 3724)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3628 -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 3792 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c1c9243-b7d9-4325-b577-0fea3496fb1a} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 1488)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4668 -prefMapHandle 4664 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55862ff8-3a75-40f9-9887-05af4cb843a0} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" utility
      - Checks processor information in registry

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 4412)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 3 -isForBrowser -prefsHandle 5424 -prefMapHandle 5408 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {708fb565-79e9-4cd0-b1f9-8a51556ff971} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 392)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 4 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd4be22e-651a-4566-81bd-cc7e74f67ce7} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 4308)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5848 -childID 5 -isForBrowser -prefsHandle 5768 -prefMapHandle 5776 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7846162e-dfc8-4a53-9265-4c69e09a6c2f} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 4756)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -childID 6 -isForBrowser -prefsHandle 5628 -prefMapHandle 5620 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f20e3a7-edb0-4bd3-ac8f-d12ae1e064d8} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab
Network
MITRE ATT&CK Enterprise v15
Downloads

(entries without a path are listed as the sandbox reported them, with no file path recorded)

Filesize 152B
MD5 e4f80e7950cbd3bb11257d2000cb885e
SHA1 10ac643904d539042d8f7aa4a312b13ec2106035
SHA256 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA512 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Filesize 152B
MD5 2dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1 eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256 dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 528B
MD5 65c2b12a8c8fd9f861854007c7579069
SHA1 18ddca401be7015bcf3fe39e5762285358e69e37
SHA256 ad69470ddc3634dd3dc3d032ae8652b859201f7ffef48f37fc55af4b25f6ca20
SHA512 5a9a300c1cb8e3c963fc5999f5b74e48b76b630cbab99c2dca916a1c51ca3068697f9d1edbd36d41c26af891bac3e94813d1e60c18b27b5a5db9da108ecf0188

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 672B
MD5 3900e983d1fcf730fc5a5574875dad6b
SHA1 0b532378b32bfd12139865a2f4a3b47cf6c8f216
SHA256 5791a9a6c6a5c9fdf27070ec3dd97031ecdcd2834ac453c0e83e9782ab7a2fb0
SHA512 c276a0238d3cf2b778262ea13f8622a03e1b21410c3ceb3b9ebde7e213593bbdef718657b585642b5768da07d8e81081821f0041352907f28e39baa89006041d

Filesize 2KB
MD5 63ad387f07c9a2921ec3eb323cfe93e5
SHA1 f4e3e5ea9b6e2a22fb137084b617aa4b3f29dd93
SHA256 70267563c6b9c47baccd4a75fc93c62e3f574151b637cbb8a502b299b5384c82
SHA512 4ca9f7490df5e35ee1e28ad864857ff049296df945ef9c5915a7b87ef91ca40b45df48b9d2477307fa472922960a928385343b1cb2f63e327c5e4d5fcc691ef7

Filesize 5KB
MD5 3732912b48386c42e432e57b586194e1
SHA1 c583ca06a22d805fb17c4ee547e365f3196d2108
SHA256 98e554a47d739993e2f90db56f65951ea6c59d7ee012fef1292bdbb0f3ab8785
SHA512 c04a9abf40612a2e70c686eb01805e6d77bc190e47e82d51fa0406761470c7f1ed252c5aa7ea426528e00f20a07dbbefd06f998c20deee4f7660ce175566e65c

Filesize 7KB
MD5 922396f4b2ad4e4a47e6a1d0e49bb271
SHA1 f15fc545f0f102c8a5f073d7e78d973e06bafee1
SHA256 6e19c158397b6383e89ded2fa0b1ff4f64fff22f740ebc8d0a5fefb6a92a2b69
SHA512 0031e6d4a8a290e71e4c3198e3510dd0afcabf37cca317ec96da4eecfe427ff8e5ab4c42636ab7662d1105cffe50fd35de79803c95744b6a2b3e6ece08b8b6ba

Filesize 7KB
MD5 179a8af9be854ab5ee10ddeb8679459d
SHA1 91d27f83ff4530eec5ca81f314c99d778084e746
SHA256 ae81f6911efa59c5b55d9c49246f302457758b52fe7fc89ab30c212ef4af65d7
SHA512 c1cd3e7ab2a86876c089298d3820429c8bf856006a6957ea7202c4379f98f4d7d68b9125480b7ffa0114163009a8873501ca2c38bc8c73e6fb2a4809106b6813

Filesize 1KB
MD5 be03c219aca8abffde47804c7934f5ca
SHA1 fd32ff3fad7d6bff388d5946692b130718877502
SHA256 2755890b25b78e5eed5ea1c665dd2df576ece1768641db04bbef6ff8d774c3ae
SHA512 d6f4ca240a0aa72bc68071c5991874cb8b14bee52d98813fd884f2c6bf9766394f2f15e63c2eaf78e55371e5b0ba907bb16af923448e4e0220bd3316d9f72e9d

Filesize 1KB
MD5 4948a658bd5537adac27e6ba3a99652b
SHA1 7151392656fb7bd2870cbadefbcebb23f60a9d89
SHA256 98b498804cff8d353ad30092eba334d93e6a22af7561554d3e4384c3f5823622
SHA512 83828aba66ce1e1c9141b9926ba1d1d5eefa6bd31325cd2bf2647d3f7a2bf478a7329b3ef2261156e4a6ab1546571e7f21aef46c14b56ca5853611f563321422

Filesize 16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize 10KB
MD5 1607ba19dcbbbeee4fead5922a27c3c5
SHA1 8cf0955272a6569c269f2440b374d3d1651dd3cc
SHA256 c60b10fd446f4396535f3c62e0fe027ebc6c8d693a5751ae443eaa248dfd81c7
SHA512 647509b38a0c2e980e43fd75c136c3f5328deea5f7891e5e8239a17afdafb9648805d47d12a890526f39766ed0a0900f687568e28fba85bde982ba282e21b950

Filesize 10KB
MD5 099e512a300e6375731ced965bf353e3
SHA1 266fbedf18014c429e782f30b674a0b0136e1109
SHA256 644571dbee6f3ebce7d7ec1121fc6e521d5cf9e9b6344f05637fa56f078bbab5
SHA512 9035457bb14a547735e9f64a75f1c5b501a57d1c3f137757de5008c8f51fe209473af4cf0995b499634cc252c65c704127cd88a867e1d6e7dee9397acd7bad26

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize 4KB
MD5 06ab9488c69d695a89de4aafe58ccce5
SHA1 41c34771987ad248b49a3fe2e55ad3a4e70800fa
SHA256 8af7755db4488dff537d002857d728b3a0feceb6f46c757cf789b62acdc9c0f2
SHA512 819430dbeb31f1354f3cc0716449910ea4e1b941a96995217fe1f07ebbc3f537636f9d8939c6aff89a8b3d86682b3911f9432e5d23a4dd66564065ec4fd6fbbf

Filesize 358B
MD5 006139e01a4fc9be5e0474d3cc282a02
SHA1 b20ce7ecd10e579ad56c22a62ef5fa5843bfa0f9
SHA256 75ac8850016e547120871afcf6c127bbc88557764643269c5b9ad11be04ff9ad
SHA512 9c67243974d503a2c2ec2604be6a89195e9cdad6dd8ae5eadf2f210d424621448db094017be463143e64a64b9583129c4788a5f8f502675bcf7dc137ad6b4945

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp
Filesize 5KB
MD5 49406b2330cbd69a5716d6f4361132cb
SHA1 c4022d449825062a8835e80a889f0eec4962a2af
SHA256 9457a3d02bfd904b4ad2f2051657dabe54dc08546861bd68b176c15c5a559ffe
SHA512 a53a760d74030ab01f834e763e9de72d2dc4e672ee1d818719ffa13aa6c890c4fec37fbe4faf7bdd30c0bab6f97f2df1e307bd6277e38f6e04e9473adb7934a5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\83e0bb22-6d6b-4e48-9759-0ec6337b5b23
Filesize 982B
MD5 3574ceb63fddf9514da9ce2e2b69afe6
SHA1 6a2139dc88d0108388ba4107d780848970c51615
SHA256 5ff672c82b482b497f5fbbc4d0d4a2c7d92de697367f66cb4c75f14ac47ce3f2
SHA512 985795338fad5f5a7e3e7e05be1584e80dd391df94b21bbd75a460f95e6e9cb0de5a333c8a15872ee2292d54d674b2f199069f057b0268be6a6329ab2c2c20c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\97d1b839-7456-472d-81db-566ce846849e
Filesize 671B
MD5 e40cae2d43b38c4906ce604c13f10fcb
SHA1 ecdab410973ada55a39c25d6793e98d364135b84
SHA256 d395b412573bb07131f7e26703977359c906afa6f902680e4cb33699933c4fd6
SHA512 de5d5684b26ab0d20fba41e952cf5b52edc879b3824f6e94c82842cf69b2e242b7f0a2eef7657239b5f4c395699d943ff6f2790234b1685d096584bb98f53f6a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\d30c33ec-ba07-43c3-9432-6055aa52cf1b
Filesize 25KB
MD5 34f8382b9c75bf26b2346a0d64dc92e1
SHA1 7925a9f5b9406dd96b759977ebb9f8328b4a4066
SHA256 7c2441ab06b330f76149827c6d25860d79468e931f71b4143ab5dd86f914f7bf
SHA512 814e6ac73e056d906f9be9ef301b7dcf59426a6d8db10db7b1e7ff1ed8944da1b3bc7770d8c469c75a5151d48abfb469d13026db0cc5bd866dc9571ede292a05

Filesize 11KB
MD5 9edf61c2796b35790cb717792e293837
SHA1 54599eab1208ca45f6dbea8bf1df910c38f9fe9e
SHA256 81b322d70c3fe9cda35a052e47f60c4d74ca3f930daa95c3cc23c26bb388af78
SHA512 31f22bb7376174c87a1bd0c7c85a33c8975471f7b8143e899b6d061d64c8d7a4cd4c210aa2fcfc8a95ecc67b370016be2ff6d32b0336d28d7d52a3b9ba86a61d

Filesize 11KB
MD5 01df11bee37c272d5548c30f244c7f3c
SHA1 9da25ecec82f058c3bcffd279a4b177391bf6015
SHA256 48c4b4c05fd316df1018e892faa6923b723e139a79678f57a4a21247d3198d78
SHA512 64cee15b9eaf55637b9763bfd494e915b9b0bb8776c5d6d30162b484b5db64d9f900bfa78fde0faa5e39c2654a303adf1536a3a66cecf36e9f6416b23887cc94

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize 376KB
MD5 8d3c6d1f96d00b10062dd81143727d8b
SHA1 bfcc73a14d1681dc2d39ddfa5ad932ca97ff549e
SHA256 acac813ebfb8fe17c968391eab0dda3db75bd085b53ece09c227513c5a011418
SHA512 3e8e4f628f32bfeddcdeecb5717e56ed903a8db052aa027c408d50a9a495cd0f84d4e1b1732abc4b4e823e8ba6d0d42719cece6ea35c79ddd59238aa96d4054e