hxxp://videobest[.]ru[.]com

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2023, 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://videobest.ru.com

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
158	whatismyipaddress.com
153	whatismyipaddress.com
155	whatismyipaddress.com
156	whatismyipaddress.com

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3160	firefox.exe
Token: SeDebugPrivilege	3160	firefox.exe
Token: SeDebugPrivilege	3160	firefox.exe
Token: SeDebugPrivilege	3160	firefox.exe
Token: SeDebugPrivilege	3160	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3160	firefox.exe
3160	firefox.exe
3160	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3160	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 3160	2136	firefox.exe	87
PID 2136 wrote to memory of 3160	2136	firefox.exe	87
PID 2136 wrote to memory of 3160	2136	firefox.exe	87
PID 2136 wrote to memory of 3160	2136	firefox.exe	87
PID 2136 wrote to memory of 3160	2136	firefox.exe	87
PID 2136 wrote to memory of 3160	2136	firefox.exe	87
PID 2136 wrote to memory of 3160	2136	firefox.exe	87
PID 2136 wrote to memory of 3160	2136	firefox.exe	87
PID 2136 wrote to memory of 3160	2136	firefox.exe	87
PID 2136 wrote to memory of 3160	2136	firefox.exe	87
PID 2136 wrote to memory of 3160	2136	firefox.exe	87
PID 3160 wrote to memory of 5044	3160	firefox.exe	88
PID 3160 wrote to memory of 5044	3160	firefox.exe	88
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 4484	3160	firefox.exe	89
PID 3160 wrote to memory of 3788	3160	firefox.exe	90
PID 3160 wrote to memory of 3788	3160	firefox.exe	90
PID 3160 wrote to memory of 3788	3160	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" http://videobest.ru.com
1⤵
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" http://videobest.ru.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.0.1756081820\1887968894" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16c0ffdd-3c0b-4a9d-8a41-6f5887102a01} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 1944 1a94d41bf58 gpu
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.1.1358060020\6156623" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa829a26-5a9d-4a76-864b-83d0eb847d42} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 2424 1a93f472858 socket
    3⤵
    PID:4484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.2.99273917\1733405123" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3304 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1db558cb-ce85-43d4-87e2-c8aa87b5423b} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 3008 1a94fc15858 tab
    3⤵
    PID:3788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.3.956957209\997861776" -childID 2 -isForBrowser -prefsHandle 4008 -prefMapHandle 4004 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3195712-94f8-4c1c-a12f-45f9f953130d} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 4020 1a93f462b58 tab
    3⤵
    PID:3696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.5.552468622\166014901" -childID 4 -isForBrowser -prefsHandle 4916 -prefMapHandle 4920 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38395621-2fa1-402a-877a-976ae0bae63e} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 4904 1a952816c58 tab
    3⤵
    PID:1540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.4.1485381463\684986232" -childID 3 -isForBrowser -prefsHandle 4836 -prefMapHandle 4848 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57bc53ae-0e70-4a47-b338-a6d3d0be2abc} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 4844 1a952817258 tab
    3⤵
    PID:2140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.6.905254344\1968369947" -childID 5 -isForBrowser -prefsHandle 5140 -prefMapHandle 5144 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40ddda3e-0384-4c43-8ed0-0b562e983e7f} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 5128 1a952817b58 tab
    3⤵
    PID:3208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.7.352332562\174597886" -childID 6 -isForBrowser -prefsHandle 3812 -prefMapHandle 3844 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd66c56a-50d6-41d4-8d08-c35c0d17611c} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 3456 1a94d90e658 tab
    3⤵
    PID:4124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.8.1700774536\303468288" -childID 7 -isForBrowser -prefsHandle 5740 -prefMapHandle 5736 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16109b6f-bd34-4dfa-814c-d7cf09dee268} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 5748 1a952816358 tab
    3⤵
    PID:1448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.9.296756041\743636346" -childID 8 -isForBrowser -prefsHandle 9988 -prefMapHandle 4492 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d600229-08a3-4b05-aaec-46957a7e250c} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9984 1a954292f58 tab
    3⤵
    PID:5716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.10.666324574\414967020" -childID 9 -isForBrowser -prefsHandle 9712 -prefMapHandle 9716 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {564e2f10-477c-408a-acab-e2b9845e0ecb} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9704 1a955c21558 tab
    3⤵
    PID:5456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.11.1306716818\1871925282" -childID 10 -isForBrowser -prefsHandle 10216 -prefMapHandle 9560 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9821ba8-ff0e-4058-8cda-5092e3fab25d} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9804 1a95631b058 tab
    3⤵
    PID:5808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.12.1983409786\1132866404" -childID 11 -isForBrowser -prefsHandle 9244 -prefMapHandle 10220 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {980c7ff7-4a9e-4d59-866a-146f06f0a578} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 10216 1a956945258 tab
    3⤵
    PID:1884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.13.673364728\688594189" -childID 12 -isForBrowser -prefsHandle 9080 -prefMapHandle 8968 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21dbec73-9715-4f8c-ae54-a08727c63803} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9176 1a956944358 tab
    3⤵
    PID:2216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.14.1895719405\679203431" -childID 13 -isForBrowser -prefsHandle 8844 -prefMapHandle 8848 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18b46c5d-9687-4446-9905-cfd99734c9fa} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 8832 1a956c09858 tab
    3⤵
    PID:4812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.15.687554096\913522433" -childID 14 -isForBrowser -prefsHandle 8912 -prefMapHandle 8908 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb5180fe-2d91-491e-a1ae-97baf8e99747} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 8920 1a956b42b58 tab
    3⤵
    PID:5320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.16.611972541\1933526709" -childID 15 -isForBrowser -prefsHandle 8936 -prefMapHandle 8932 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4160291-0207-4cc8-aa50-2710d165634f} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 8900 1a956dccd58 tab
    3⤵
    PID:1204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.19.397384418\1023685594" -childID 18 -isForBrowser -prefsHandle 8652 -prefMapHandle 8856 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fed384a-d68b-4e2d-9403-c307e7775dde} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 8164 1a9557d9258 tab
    3⤵
    PID:5172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.18.1002448400\725698912" -childID 17 -isForBrowser -prefsHandle 8940 -prefMapHandle 8660 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {635bbc45-64b7-4249-9c79-6c59ec047d42} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 8424 1a9557d8c58 tab
    3⤵
    PID:6004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.17.1782738165\1399468525" -childID 16 -isForBrowser -prefsHandle 8316 -prefMapHandle 8932 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81ca0f48-ec10-4ef7-bbe1-46bec6e17379} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 8312 1a9557d6b58 tab
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.20.758682074\602543271" -childID 19 -isForBrowser -prefsHandle 7652 -prefMapHandle 7672 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {375555a2-362e-46d0-82e0-f3c9e99a10df} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 7640 1a9579be458 tab
    3⤵
    PID:6476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.21.913489849\1127111538" -childID 20 -isForBrowser -prefsHandle 7440 -prefMapHandle 7436 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {055b375f-2f7c-4d24-ae2c-67d6d6a621c7} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 4928 1a9578e1558 tab
    3⤵
    PID:6564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.22.1986770273\1796895512" -childID 21 -isForBrowser -prefsHandle 7684 -prefMapHandle 7260 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1f9de71-f842-4baf-8184-f840997305d3} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 7608 1a957e38b58 tab
    3⤵
    PID:6244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.23.587799576\271806715" -childID 22 -isForBrowser -prefsHandle 7100 -prefMapHandle 7104 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaf9e7d6-4965-48f4-a86a-1cfe2f359d1a} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9732 1a9583a9558 tab
    3⤵
    PID:6256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.24.1487773357\223025547" -childID 23 -isForBrowser -prefsHandle 6728 -prefMapHandle 6732 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe8fb166-5f1b-44ea-9a1a-daa61388feea} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 6720 1a9579d9558 tab
    3⤵
    PID:6952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
144KB

MD5
d2099d01b6db8529f7c96106064b5161

SHA1
df6bc71e55461bb7964ae64355b2ff2f65b9eb73

SHA256
71b56f7fdd08ef23218287a47e1fa03a39fe0ffe485da5f544fde06a9980b691

SHA512
29afb60cf8a330059ffb6906a8f029cbc4fe4e5c6ee753b741197950c246b041f0e9ad4950931012b4de5b4a55d36f65f0ce4aa4c1c1dc091aeca2a7fe4e54e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\12464

Filesize
20KB

MD5
e2f5249f3bb7962dbbc5c9da80c3fe29

SHA1
198f5d18a664915d495ed0310c2e61ce9eee8aa6

SHA256
0ec6b11a52ba42e18100bba9996866661cb81adff24c02764edcf4cadf8d198c

SHA512
23fb7c3238a949bf1f392b955ad1e1fd820be4be123e97c4b857c00c10313bc085586750798b824eeca140f3f076744db1cd231bc97738b4a7ae2534e2b1285b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\19188

Filesize
15KB

MD5
a50d6734ebf7a568d160ccb1e6ea8ee0

SHA1
8b3a5dc143c18e7951a6ae3f8a214c4e0a924bed

SHA256
0205d0b584f0e57fc97bc0e66e4ce7fb34b6212b642b9c3574170208ddef0b7b

SHA512
d1456c45209c630ec76731b95ffc8913adcacf951f4843b0abee3861bf0eb4bc32c5a9dcf5ccb28134b82bb9d2a5b4f87b4104a3a73ea7053a6df56cc122ee4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\2063

Filesize
8KB

MD5
99b2990e7aac0d7e4c103188e676f067

SHA1
244d735b37ef38c4d420b79c29d85b6eb0e9a7bd

SHA256
4d131c683a265289aad3ccddbe898b89a14feba2ee3a357c075bf697eb58c032

SHA512
7d1bcb330d0551936710c4fef0e405083abfe3d0ec3c97aaf8c0dff2c48bafedaa42c09f3cf77e61b9b335173c00beae19b41bd65abd05940870dfa890b6bbf3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\22216

Filesize
805KB

MD5
41792208e5bdb3c30f962eb7db202992

SHA1
69cf12a629a04306a4dfa194eeb00aed6d5b25ae

SHA256
f8ca027b7d5dfb765e041d1ce40a5c5e9f37caa4df89bd1434ef31067a889646

SHA512
79a50f45c6c6fd4f8c0182828170ccec011abad915bcff41a232c6449faac833b1bc25ee009b34b72b985f326051431b4af76b7e8609abadba79c8866a720a29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\5984

Filesize
15KB

MD5
80b1dc7cb836d0e2290a72c71e1a661b

SHA1
51fc723d306d5f40d27b348bcd008ec142d227c9

SHA256
e9631f77743cda6776bf2b5a49e619cf545267b29e52d560e8101cfdb35519d5

SHA512
dd6124841d92cc1503705d03b531777dc99afaa28c2c47f6369d1347912d66525ba4bfd7a78bb060bebff814bbf3963c81b67fb78433d2df9378104121d5f9c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\38EEC9C054A68E6A6BDF7B3FE4E840C27BD37EB3

Filesize
119KB

MD5
c3658c59f93cb127c123e301541f9ea0

SHA1
eae7b061e129ec469a7fc75c1b72815b2fc3da54

SHA256
fc6c6479e27300b9f49120a8ec8d7efde6a408ae18d9bc196f83ce6418655a79

SHA512
6a55df3041869e9d83d7cd29717b6bbd9318d0b9b9d096d5e49f6cea04cfcf01f0a0518e85ef0a1fe2d46acd6612eb6114e41a996be16757f620ea6e4c724a45

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\5617C2BB77122AC13DC0FB65336A8386EC872F9E

Filesize
21KB

MD5
06a3dea72a455e097259cba6e195c935

SHA1
606f497af6bcc3bc1ca239a2b5c9c351caba9546

SHA256
46faf2dcb5ffb735e34e06cc21870d179156f27a0c939183515ae4840311333a

SHA512
2d6472295c6006269b52415cb2134c6b7dc8af1ce841dd9e2792a3aaef617dd2ae14afb38185124dcd470ec692c0b44bdcb3aaf894abb700795e87aeaedf53c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\7F4B32DA7A49D3FF8BED963471201BEC3D6B033F

Filesize
26KB

MD5
43b46c4348268fcb5b78d1610caac4f8

SHA1
af4b4f2507392b614db7a1b4ceb69b7b31033164

SHA256
2f41a9d52d3a67602304c25bf90cbef87f9aed7491d45382275c1ef217239476

SHA512
96993ac7d91c3b993e991bfe02f714a2f5f76e99a42b632f7c0c464df51ab28fc76091ec63b2b8b04a1cab4dff841ecd1177395c907f95c7301e6fd7e85e07fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\C688F8FC308E1926A867FA56E1D8D22B5D34DE4C

Filesize
23KB

MD5
a3af850a3f9f9013901d7790ef2f44cf

SHA1
22f145363b1dfcc4e6a91f53081d13d53922f977

SHA256
3dc17587dc1151cd72d4d2089c2a1a233d1984230be7aafabaa5fb77c8e5dbcd

SHA512
e3840a6b2d9e0e6a20a6add61496ca373f77048c901ab16c7f1caf626a123b239c7f507994b3eb687039c0855efd35b4ad567e9d11e16515947e3af5df923b48

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052

Filesize
14KB

MD5
a75f62d004f93b3107cd09f37aa2a4a9

SHA1
f67b33d930a3f82f33abbe73ff76d617eedaf6cb

SHA256
316087d018f4dc973efe930772672980a6b4d238de0e7e86bfb5a24280003924

SHA512
650a6b8a396218565c28beba06b7700346b70609e7c80e3f2e402b32f33239283e98911f1dbecca3ad04ba9956d4bbad2268bee62f93bf558a5885e98562bbc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
2dc2719bc6050bb1438f07253705c313

SHA1
35a6afd6ed1b7715c4bf3375171dc5ee403ded0e

SHA256
9cad6a8e418b3a585cfd63c4d0195258d330711189c7cc70c067a6612204e811

SHA512
7bb116219b442872d85a2478f51b54c10249564853290737fc9d885e92142a24a98b45b4e5eea97bd7b345c027fc9a1d13932c7180b0c7ac07e08e2cf300b557

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
095a0f5b2d896173c6ab3bb62548dada

SHA1
a35333e1960df182eac4a75520d425144f753986

SHA256
ef3ade1778626c656ee244cd90ec1b71cce476d46cb798dbf4dec1c6adc34f88

SHA512
23da3fb4dab89ba057d2a6af71b01a0ef94decd5f8ef1b2d90acdaf6b5818913f39ad6939f2e42b215eeef36ad36497173d213ae1708a546ce037cd4e365ef7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
3db578afd0c05cc38c96c22e207e039e

SHA1
a0fd338ec5b271049578cbe1a428f72f55b58862

SHA256
42d24deb80a0dceb2255c3d283da0a335acb44e5470ebe90a715fe53b27b1dad

SHA512
53ca9de1fee123dc6c3d2f1254a9cfdef4ad0731276309c8c732ce6ba8350e5c96f9bf0b233ca4981678b6d757592e0099b824a87edd374f79ee7a8453872267

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
8KB

MD5
fb1b2a0548512cf1881482157bf0d8d2

SHA1
3e847c607447a97aabd4f613096d0d3882e18479

SHA256
75b21b0c029ae42ea4dff6cd3e579a6164f0ba7347c97848dca2cdc0d8cad595

SHA512
505141799a2eddf49f1e0f80918b373cad6197a6be5873f3f805ff5fe2d2472f79765e07abb1c62e5a2f575289f4aca4ab08e0801bdfbb67056bb6dc2180d615

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
88ceee265d5ff72e00eea0a77be24de5

SHA1
9367c9eab5965305d8abaffa8b95370aec5f43d5

SHA256
4ef2c8d2cb00bba2f0b1c880e69612346d352654d422ad576322f9ca28d7a2cd

SHA512
07c746b685422a07ef3207e3a6e295a675df3e407764b96ad7c88a03d716c862c2f98184946f4bdd9f81ef6d11bc1ae666efb9d00fb2d7a00cd729f6e86ca4a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d90a7bbdde496861456a3884a266877a

SHA1
0c0e084db33d40a1020fe954c0e92312250f3f6c

SHA256
b85c37756158baccccc8e5d4a8a3fbc3523b4b805736c5ebe3fb8ec8c49f9399

SHA512
cc31490ea68ffd2f19a9ac257e58bfc924b2f21f2a29eac9efb638ee30b3261aa793ae47406971d271d0c012bb927eca6bf01451a8e06bbff17c59fe39fd5afa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
5922c5505ae3b311a79199d9d4cd7b48

SHA1
f181397934250fff081cddc013081e8671a0c658

SHA256
e8cac86ef35f940a5659e2990d07e1e96a0eeacfdf490fd12c4d8b72bc6bcb83

SHA512
f0527270f0812b15438acf66513227e505a91d20e10b6ea825b42cb3a28d577469704f5e45513ebc6550c6d1775453933d5d2092008a298305850c0a34791d62

Download Submit