Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Oct. 17, 2024, 10:37 a.m. | Oct. 17, 2024, 10:47 a.m. |
Process | PID | Command line |
---|---|---|
taskkill.exe | 2604 | taskkill /IM msedge.exe /F |
taskkill.exe | 2692 | taskkill /IM opera.exe /F |
taskkill.exe | 2748 | taskkill /IM firefox.exe /F |
taskkill.exe | 2640 | taskkill /IM chrome.exe /F |
taskkill.exe | 744 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 1484 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 2224 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 2420 | taskkill /F /IM opera.exe /T |
taskkill.exe | 2488 | taskkill /F /IM brave.exe /T |
firefox.exe | 2728 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 2888 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 2648 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 604 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 2112 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 2240 | taskkill /F /IM opera.exe /T |
taskkill.exe | 2564 | taskkill /F /IM brave.exe /T |
firefox.exe | 2724 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 2800 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 1796 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 2304 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 3044 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 3048 | taskkill /F /IM opera.exe /T |
taskkill.exe | 908 | taskkill /F /IM brave.exe /T |
firefox.exe | 2416 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 2500 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 2836 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 1156 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 1168 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 2908 | taskkill /F /IM opera.exe /T |
taskkill.exe | 1848 | taskkill /F /IM brave.exe /T |
firefox.exe | 1108 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 2164 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 1952 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 2736 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 2812 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 740 | taskkill /F /IM opera.exe /T |
taskkill.exe | 452 | taskkill /F /IM brave.exe /T |
firefox.exe | 2592 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 536 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 2388 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 416 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 2668 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 2132 | taskkill /F /IM opera.exe /T |
taskkill.exe | 2504 | taskkill /F /IM brave.exe /T |
firefox.exe | 1080 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 560 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 176 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 2196 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 1432 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 3084 | taskkill /F /IM opera.exe /T |
taskkill.exe | 3164 | taskkill /F /IM brave.exe /T |
firefox.exe | 3244 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 3288 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 3408 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 3496 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 3576 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 3656 | taskkill /F /IM opera.exe /T |
taskkill.exe | 3740 | taskkill /F /IM brave.exe /T |
firefox.exe | 3820 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 3864 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 3976 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 4060 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 3104 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 3204 | taskkill /F /IM opera.exe /T |
taskkill.exe | 3316 | taskkill /F /IM brave.exe /T |
firefox.exe | 532 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 2180 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 3484 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 3588 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 3732 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 3796 | taskkill /F /IM opera.exe /T |
taskkill.exe | 152 | taskkill /F /IM brave.exe /T |
firefox.exe | 3972 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 4020 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 3184 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 3264 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 1016 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 3444 | taskkill /F /IM opera.exe /T |
taskkill.exe | 3508 | taskkill /F /IM brave.exe /T |
firefox.exe | 3592 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 3788 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 3952 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 3100 | taskkill /F /IM chrome.exe /T |
taskkill.exe | 3152 | taskkill /F /IM msedge.exe /T |
taskkill.exe | 2984 | taskkill /F /IM opera.exe /T |
taskkill.exe | 3452 | taskkill /F /IM brave.exe /T |
firefox.exe | 3572 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking |
firefox.exe | 3676 | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
taskkill.exe | 3880 | taskkill /F /IM firefox.exe /T |
taskkill.exe | 3996 | taskkill /F /IM chrome.exe /T |
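The process tree above is the whole technique: each cycle force-terminates (/F) every common browser together with its child processes (/T), then relaunches Firefox in kiosk mode (full screen, no address bar, no way to close the window with the usual chrome) on a URL that embeds the Google password-challenge page, so the victim's natural reaction is to type the account password into the browser, where a stealer can then read it from the profile. The following detector is an added example, not part of the sandbox report or of the sample. It consumes process-creation events with the fields Sysmon Event ID 1 or comparable EDR telemetry provide (timestamp, PID, image path, command line), and alerts when a burst of browser taskkills is followed within a short window by a browser started with --kiosk on a URL that mentions a sign-in host. The sample events are constructed to mirror the report's first cycle; the Microsoft sign-in hosts in SIGNIN_HOSTS are an assumption added for coverage and are not something the report shows.

```python
"""Detect the browser kill-and-relaunch credential-capture pattern.

Added example; the event format is a Sysmon Event ID 1 style dict and the
sample events below are constructed to mirror the sandbox process tree.
"""
import re
from datetime import datetime, timedelta

# Browsers the sample terminates; extend to whatever your fleet runs.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "opera.exe", "brave.exe"}

# Matched anywhere in the kiosk URL, not only in its host: the report shows
# accounts.google.com embedded in a youtube.com URL. Microsoft hosts are an
# assumption, not something the report contains.
SIGNIN_HOSTS = ("accounts.google.com", "login.microsoftonline.com", "login.live.com")

TASKKILL_RE = re.compile(r"\btaskkill(?:\.exe)?\b.*?/IM\s+(\S+)", re.I)
KIOSK_RE = re.compile(r'--kiosk\s+"?([^"\s]+)"?', re.I)


def _image_name(image: str) -> str:
    """Basename of an image path, lower-cased, tolerant of either slash."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict):
    """Return ("kill", browser) for a taskkill of a browser, ("kiosk", url)
    for a browser started in kiosk mode, or None for anything else."""
    name = _image_name(event["image"])
    cmd = event["cmdline"]
    if name == "taskkill.exe":
        m = TASKKILL_RE.search(cmd)
        if m and m.group(1).lower() in BROWSERS:
            return ("kill", m.group(1).lower())
    elif name in BROWSERS:
        m = KIOSK_RE.search(cmd)
        if m:
            return ("kiosk", m.group(1))
    return None


def detect(events, window=timedelta(seconds=60), min_kills=2):
    """Return one alert per kiosk launch on a sign-in URL that was preceded,
    within `window`, by taskkills of at least `min_kills` distinct browsers."""
    alerts = []
    recent_kills = []  # (timestamp, browser image name)
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = classify(ev)
        if kind is None:
            continue
        # Age out kills that fell outside the correlation window.
        recent_kills = [(t, b) for t, b in recent_kills if ev["ts"] - t <= window]
        if kind[0] == "kill":
            recent_kills.append((ev["ts"], kind[1]))
            continue
        url = kind[1]
        if not any(h in url.lower() for h in SIGNIN_HOSTS):
            continue  # kiosk mode alone is legitimate (signage, dashboards)
        killed = sorted({b for _, b in recent_kills})
        if len(killed) >= min_kills:
            alerts.append({"ts": ev["ts"], "pid": ev["pid"],
                           "browser": _image_name(ev["image"]),
                           "url": url, "killed": killed})
    return alerts


# Constructed sample telemetry mirroring the report's first cycle (PIDs taken
# from the process tree; timestamps are illustrative).
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
TASKKILL = r"C:\Windows\System32\taskkill.exe"
KIOSK_URL = "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd"
T0 = datetime(2024, 10, 17, 10, 38, 0)


def _ev(offset_s, pid, image, cmdline):
    return {"ts": T0 + timedelta(seconds=offset_s), "pid": pid,
            "image": image, "cmdline": cmdline}


SAMPLE_EVENTS = [
    _ev(0, 744, TASKKILL, "taskkill /F /IM firefox.exe /T"),
    _ev(1, 1484, TASKKILL, "taskkill /F /IM chrome.exe /T"),
    _ev(2, 2224, TASKKILL, "taskkill /F /IM msedge.exe /T"),
    _ev(3, 2420, TASKKILL, "taskkill /F /IM opera.exe /T"),
    _ev(4, 2488, TASKKILL, "taskkill /F /IM brave.exe /T"),
    _ev(5, 2728, FIREFOX, f'"{FIREFOX}" --kiosk "{KIOSK_URL}" '
                          "--no-default-browser-check --disable-popup-blocking"),
    # Benign noise: an unrelated taskkill, and a kiosk dashboard with no sign-in host.
    _ev(600, 3000, TASKKILL, "taskkill /IM notepad.exe /F"),
    _ev(900, 3001, FIREFOX, f'"{FIREFOX}" --kiosk https://intranet.example/dashboard'),
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a['ts']} pid={a['pid']} {a['browser']} kiosk -> {a['url']} after killing {a['killed']}")
```

Two points on the design. First, the correlation is on the kill burst plus the sign-in host, not on the parent/child relationship: on Windows, Firefox's launcher process re-executes firefox.exe with the same arguments, so the report's firefox.exe-spawns-firefox.exe "martian process" rows are what any Firefox start looks like and are a weak signal on their own. Second, the report's second relaunch form has the URL unquoted, which is why KIOSK_RE accepts both quoted and bare arguments; the same regex covers Chromium-based browsers, which also take --kiosk.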
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
file | C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\contentscript_bin_prod.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\sr\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\pt_PT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\zh_HK\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\nl\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\de\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_metadata\computed_hashes.json\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\si\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\is\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\sv\messages.json\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\iw |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\it |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\fil\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fil |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\de |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\vi\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\id |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\mr\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419\messages.json\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\pt_BR\messages.json\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\ja\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\en_GB\messages.json\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\si\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\th\messages.json\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\gl\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\tr\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\icon_128.png\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\id\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\fr |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\sr\messages.json\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg\messages.json\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\zh_HK\messages.json\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\fr\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt\messages.json\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_metadata\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl\Network\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\c652a0ec48ceb3fcab170992c43a87413309e80065a26252401ba3362a17c565.sth |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\68f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc4.sth |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process |
url | https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml |
url | https://crash-reports.mozilla.com/submit?id= |
url | https://hg.mozilla.org/releases/mozilla-release/rev/92187d03adde4b31daef292087a266f10121379c |
Description | Rule |
---|---|
Code injection with CreateRemoteThread in a remote process | Code_injection |
(no description) | DebuggerCheck__GlobalFlags |
(no description) | DebuggerCheck__QueryInfo |
(no description) | DebuggerHiding__Thread |
(no description) | DebuggerHiding__Active |
(no description) | ThreadControl__Context |
(no description) | SEH__vectored |
Checks if being debugged | anti_dbg |
Bypass DEP | disable_dep |
cmdline | taskkill /F /IM opera.exe /T |
cmdline | taskkill /IM msedge.exe /F |
cmdline | taskkill /IM opera.exe /F |
cmdline | taskkill /F /IM chrome.exe /T |
cmdline | taskkill /F /IM msedge.exe /T |
cmdline | taskkill /F /IM firefox.exe /T |
cmdline | taskkill /F /IM brave.exe /T |
cmdline | taskkill /IM firefox.exe /F |
cmdline | taskkill /IM chrome.exe /F |
process: potential browser injection target | firefox.exe |
parent_process | firefox.exe | martian_process | "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking |
file | C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\parent.lock |
file | C:\Users\test22\AppData\Local\Temp\firefox\parent.lock |
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win64.Injects.ts93 |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win32.Genericuh.ch |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Agent.V2nc |
VirIT | Trojan.Win32.AutoIt_Heur.K |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Autoit.ORL |
APEX | Malicious |
Avast | Win32:Malware-gen |
Kaspersky | UDS:DangerousObject.Multi.Generic |
Rising | Stealer.Browser/Autoit!1.10428 (CLASSIC) |
F-Secure | Trojan.TR/Redcap.qeoft |
TrendMicro | Trojan.Win32.AMADEY.YXEJPZ |
McAfeeD | Real Protect-LS!18E64B3509E9 |
CTX | exe.trojan.autoit |
Sophos | Mal/Generic-S |
FireEye | Generic.mg.18e64b3509e95557 |
Detected | |
Avira | TR/Redcap.qeoft |
Kingsoft | Win32.Troj.Unknown.a |
Gridinsoft | Ransom.Win32.Sabsik.sa |
Microsoft | Trojan:Win32/CredentialFlusher.CCJG!MTB |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
Varist | W32/AutoIt.ABS.gen!Eldorado |
McAfee | Artemis!18E64B3509E9 |
DeepInstinct | MALICIOUS |
VBA32 | Trojan.Autoit.Flush |
Malwarebytes | Trojan.Injector.AutoIt |
Ikarus | Win32.Outbreak |
TrendMicro-HouseCall | Trojan.Win32.AMADEY.YXEJPZ |
Tencent | Unk.Win32.Script.404787 |
huorong | Trojan/AutoIT.Agent.f |
MaxSecure | Trojan.Malware.121218.susgen |
Fortinet | W32/PossibleThreat |
AVG | Win32:Malware-gen |
Paloalto | generic.ml |