Resubmissions
24-11-2024 04:51
241124-fhcm9svmdv 624-11-2024 04:50
241124-fgcxms1lhm 624-11-2024 04:47
241124-femn3avldv 6Analysis
-
max time kernel
146s -
max time network
152s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
24-11-2024 04:47
General
-
Target
https://drive.google.com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 35 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd34fa3cb8,0x7ffd34fa3cc8,0x7ffd34fa3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,8118139241455706847,13829927648060654274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2012 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe\AppxBlockMap.xml"2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe\AppxBlockMap.xml3⤵
- Modifies Internet Explorer settings
-
-
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe\[Content_Types].xml"1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe\[Content_Types].xml2⤵
- Modifies Internet Explorer settings
-
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml"1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml2⤵
- Modifies Internet Explorer settings
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml"2⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1420 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebe6d74d-39b2-42dc-923c-7a56c31a74c7} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" gpu4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {158f1b3c-8b33-4f82-be0e-6af8e556cfc6} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" socket4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2776 -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2984 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9eec192f-4dcf-4003-be87-445614160139} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3820 -childID 2 -isForBrowser -prefsHandle 3812 -prefMapHandle 3776 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4121be35-673e-4b62-afe1-707f85b03b3e} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4760 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4516 -prefMapHandle 4544 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cad6d13-9e80-4d19-b46d-cd2bdbc2775c} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" utility4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 3 -isForBrowser -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74505049-bb98-4b08-8838-0eaa52c26208} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 4 -isForBrowser -prefsHandle 5548 -prefMapHandle 5376 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0059422-f226-464c-aefc-145a8d0810c7} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 5 -isForBrowser -prefsHandle 5856 -prefMapHandle 5852 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86c6933f-8497-4b3d-9d80-34ab7396ef98} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab4⤵
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5c0a1774f8079fe496e694f35dfdcf8bc
SHA1da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3
SHA256c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb
SHA51260d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b
-
Filesize
152B
MD5e11c77d0fa99af6b1b282a22dcb1cf4a
SHA12593a41a6a63143d837700d01aa27b1817d17a4d
SHA256d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0
SHA512c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3
-
Filesize
480B
MD52e3a479c131c6535a748562f0155a095
SHA1e3d9a148f681099a524f96ca98fd58d4b7486f0d
SHA2567ea90b451bf14083cc32365b0fe03e41bdaeaaca002e2b835fe1b0034af942cb
SHA512f33cb3a6e6b3180416aa53d686ecca6a91d73b77659722faf613cbd97b3d1b0af6d295fae5c63d7a503f0906dda1dc2652596acc29858eea8ff79dccac3bbe69
-
Filesize
3KB
MD5efff65a28307bc84da94b2e028eeec51
SHA18d6289dbd5ecae7864eda6bab893a84d598ffaeb
SHA25612c36325c73c0bf00ec9adcb8d70bfb89e2be06da1284ba1d62d090f8be4153c
SHA51293f82955d45ae4db0dcdd036928601e81fc0cfbba030a941c32f49a25a46069154bcd1d20dc0675de9aafedca0a840ff94a405f6e944c7923062be7a32a871f6
-
Filesize
3KB
MD569f95de070362d39c827ff5d9c47de53
SHA11587a5224718d89808702b29a8f2938c3ea2b954
SHA256e001e6143a1ddb1f3207903e761d3e2aeb0d0e8a4d7681b712089476d0de9d44
SHA512bfa0bb07ffedf2939f6978c71f56bd641aa07a410327431dafe9938baaad8d8aeaa0faa22592ab2c5068db612151b98ef36f4c7329bdf705cfb42f1adb75d94d
-
Filesize
6KB
MD5243fd4803609d99de18d2d17a1d125af
SHA10b540601fe5e78847647ab8323caa90e0075a8b4
SHA256941942439149a6cdc06852bb7adaa96b955a8ddbb320327b13aba20d4c0f1c01
SHA51230dc1df5d788cf63541687170d8190379c5cf579eb3f9e6c5ab19d2ebdcd607ed021f52fb7605d4169800fc4297af2210b371d5b14fd8848327a1d163a210b87
-
Filesize
5KB
MD52c4471c5adf3130d1d830e5f8c0926da
SHA1da3d4a3cdbc8d5e3de9f79a950888173fc1521a8
SHA256c9e50b62874aa34d825372d69ad76a2572e3fbfd02191c784a8891c567542a31
SHA512aaad00e951c8871663960f46237c76c5a1f1197b0c4ff8d988ec740c0b6a434ce298cf657434396a0ff295520702b1cc4b344778ad5dcde2c47511cd6e72ec7f
-
Filesize
6KB
MD5ab305e2bc9e8b41085ff470df36c93de
SHA10d83b1ca44b955e5b613e341371d04ecbc1b26fd
SHA256ae28b9a9ecffc00ca3f736e73c16420529700fc383c72ae9b8b5c3ddbb020075
SHA51254ed19019da4876f750a404771a46377710b80a7e05b98f02dfec420ebca02d23e4180593693ee752dd5351a5b3e0348649ddc385205d89380e1f9590897eaab
-
Filesize
6KB
MD5ca2a8c78e2e1f2e55b8ba11a657edbe1
SHA178d2b1e80f007743df4ad0d950c89f6b6baeda05
SHA256bad5740890b4c36eb7c75263ecce2a5bc8907f2ab1e178c41a676097b93cfa85
SHA512d6a685b090672bada14565e4a67a95c7b82aeb3827dfe7beb523e822d0437bb9b069f273c13f939018fb60625db0e2424158363fac56f36ae9b6d394e791f6e2
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD52ec9ba2ec9bb14a97ed977af4a731bf4
SHA1040c27ea6c2216f32781b1b39fe2143a287f02f3
SHA256e5abab3532bee6422301465a50d43943917db776437e2a9b8bead7196e3dcf6d
SHA5127cef366d88f1c2da11b1442fdc11ff90128ee0d0cfbe0e63fa49a3012c96ddc9af9fd702b5ea322434900b7804d92bb134faab6ae778e4f4e81ec2a9d65fc6fc
-
Filesize
10KB
MD560be57214b4a28baaa41165528e7bf78
SHA10fa108e620a8cce4d20599fc61748bc22ff8e3b5
SHA256845a8d3a862795838143024f83819e6637c733b34d92a75495543b67d08ca725
SHA51296c957c3e0070ce9284c96c03d9a794c11df9bc2dd6adcb6a90d942a179f292c36916a56f685dec673bf39d9f5df16ff75d5b6434385a8c6bf0275ebc23e6709
-
Filesize
10KB
MD579b4cbce238f5dbebfbad24ee4c0ec3a
SHA1adcd7563a202c1fd6ce5f6962c178aa3bc960b4f
SHA256bce0405d69089cfd4d62e7b52cb7e2a8032d0b8c9d1a6ab7145b2017851f8c51
SHA512934bf5c280533a59eccbc9ac8f0c8e2c361ae202fd8ccbe09a4a3e9fc137a4f780927bc6b811559a349e8ca7dd95703164b1623a97853154ffe27f0cfda8886c
-
Filesize
27KB
MD57590be17a641847e433cb6451010312b
SHA1fd9e48dc04a6d3f4b490ca0eba31c18000bcfb9c
SHA2567a9cb27c6b8115c53870f49924f371858ed3cf83c36b52c8109fc49fd2bd56c9
SHA51244759cae8643ad0026e296acd3a69a02561194743c945c754842c444a6d1098b4a466b2f5ae9d553239a4a205f9e181f969218efb24c06e567edd2040177381f
-
Filesize
917B
MD53123b3e1cc2b9ac1580efea6fd51b19d
SHA13accb7059125926b3930eda4914058ac05695c50
SHA256bcecb0308a6e13f41168289d2e5e34c747c8626d6208d127c55bd83423903100
SHA51292ef5ff04365ada3bf73cdb50c48e676c7d694608fcc0a8ea1f43ed21e1c52f66ddf1a473a7f23d9143eeb60413ca40d70a33b05aff47d4949be694f8abc8110
-
Filesize
917B
MD5585c295069dc5d87f17c185fcc1e8852
SHA16456b6b64f3500178418bebba794db6992f0b232
SHA256729ee4b674e4b8e374e96b8fce0240ee5c9fdfb7dd98422e4897e96c8056ef17
SHA51226f115d1ec55efa3cc73e9f353b166f6f26d6a6e8091b0f3e9a88592a372b9a3b6e3a41f0fef3e301ec96709e6ebde8dcc2f828b62698ecbe3095f9d2f004304
-
Filesize
917B
MD5f55a435fed3b00e28c5abc30092156a4
SHA1ff67911fa1282eecbbba09977d6a96c9f8fa2645
SHA256b221ab17bc4f8f27b46545bd95a3b41378bdaac58e7f238a23324751bb4fc549
SHA512beb1fe92c2206eeb367c059d8375fe99ddc5d5290151cb7bb1c4ae61ede1dc71b00bb3439196f57099930d9b4abfa6d831566ceb8e8cfb7d3ffe0a913d334a83
-
Filesize
917B
MD526b09a419b525b56ea9763ef9b471c05
SHA19687b4ed01d1dd22e60ddbd7b2ea1eac8ffbee3c
SHA2564443660ebcc4960a254710f92af841b3ef01b8f312690ca9323391a7c8eb2a5d
SHA512fc0635267299646408fde382d813cfe2d77bdd78ed20316b63b980d5ded32bccbc44d94a399c57a345e1246e7b780982db40313a92af3eb210968b07169b6e43
-
Filesize
917B
MD52d0264beb3bbbf78a2b0ed9086519507
SHA14c92aaeeafadc10c40687233a7cc65abfb97011f
SHA256d3b0d13bafd1cb08cb9b65f5c11ce1a4f571a15ec7865f9ef653d502bdb3d8b2
SHA5127941469c3587f85503505b8b92b5deda860d9baaa2bc7b7dfe6f72203fd245f944dd38376be4927c120ff2d9894bf32e4f5e0dff33d2955f3f98c3a140d151a3
-
Filesize
6KB
MD5919971fbc00073da6b6df7e9be7e052a
SHA156be0bee548cd3e9f7b5468298ce127e68a2ca4b
SHA256d2e9032a2a3f27dd89569129c1b94593909c831a45351efc7e8a5b0a8006e62c
SHA5121443ba1e69adf1054b3c72356be61ca41048dd58e9085708d5b043013a592806cb2b155320fc1c5e821cb67dd5ad6b16b54a387a67fdd9d72908507461c543de
-
Filesize
6KB
MD5e14f85f064d0994b403de9940d7eaed9
SHA1e63fec2e315e03ea483d69f6ca70e2341a82e076
SHA2568d3337eb6efb44799419a29dd91ab07e61adca09934e710708a453ddd76766fc
SHA5123620c82e7370f2b0f3df2e8d70767ebc23bd79c9c735e5950ca39ca21f108c82d664fb8bd4a3a43d2c89193d792ae37a739ccef1424dbc63707566fb1bfd8e1a
-
Filesize
6KB
MD56518c0c90434a4dc746b5786aeba9001
SHA10076ce4d87c288ea3261e763d7c48fce4151fc38
SHA25607e8fca79df47930c62670f96418c3ce88befad971701ebe3dcae53d9958b83e
SHA512a21d3d160140834345894c6f8c22ca5d2a94849871cf8b6f37b1a06a9c7bb9de792e9accaf7068d22d49c4ffdb3bc2ab28cf3abd095d997b8c87552aa39ffb9b
-
Filesize
6KB
MD501260aa12e731f90d2e587b3163e4c3c
SHA1c9c92ae2d296262ac517df5efe9c3212810047e9
SHA2560b12e08378d66fa978e165144fdf38216e0947f048dc4d99b8ab1a179182812e
SHA5126551ee1ef56401231c40055746a53d90df3ec2596f21f90119ea80d1c0f56cfb36053fa02984c586ead54223fb1bfde6027041b3367fdd842fe6ef5e5c5e2bcd
-
Filesize
671B
MD52f39834532e86e83fc41ca69bf5e4102
SHA185836e926deeefff98fc256e692f29d453fdb18d
SHA2566a0b6119e5b6923d5365fdbcfa3b2a8def21be7214f1ba23e1766c2692274f9b
SHA512c35860dff8650eb0064ff5cd1cf741332f2f7c4b2740a7ca69977c3e2598d347ec1a3aac115f84f2f5f8572abed234cf95d6d64e88ceef8a4ded1db8c106901c
-
Filesize
982B
MD581d7a41bdb0db77ec33a2bfed7b3f2d5
SHA15ef25f50f7e5370a1cb1615fb881bc11600a4fb5
SHA2561f4119deb394eb9751ec8a9d86e6bc57c903ad281a4c0eb63271a925cabd50c8
SHA512acb3a7e8594442c23bffef5bf479dd302f3084ff584f0ec85f64f12089fed13b5ce11446182f074f91a3588b5e6c1eb6e14adcf0d1c1df32ef9fc02f877979e0
-
Filesize
24KB
MD59fa296d9d4bf11ca02d95d504a95cb84
SHA1c0567fa620ff6c6a585b742279248fb807805fb1
SHA256b27928c590e1a3806fe0c3773d978087b0e0187ae2ad93190069e59d09894739
SHA512bf0491df88ecf1bf4a5750adf8dcaef844c0d4216d107dec5e86a65f04d040b48bb8084ce63bd70b62e8516133185457cec062ba37c2abea03a6ba3ceb052e17
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB