hxxps://oldgamesdownload[.]com/file/97657-2/

Analysis

max time kernel
94s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2023 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oldgamesdownload.com/file/97657-2/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4440	firefox.exe
Token: SeDebugPrivilege	4440	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe
4440	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 4440	4500	firefox.exe	76
PID 4500 wrote to memory of 4440	4500	firefox.exe	76
PID 4500 wrote to memory of 4440	4500	firefox.exe	76
PID 4500 wrote to memory of 4440	4500	firefox.exe	76
PID 4500 wrote to memory of 4440	4500	firefox.exe	76
PID 4500 wrote to memory of 4440	4500	firefox.exe	76
PID 4500 wrote to memory of 4440	4500	firefox.exe	76
PID 4500 wrote to memory of 4440	4500	firefox.exe	76
PID 4500 wrote to memory of 4440	4500	firefox.exe	76
PID 4500 wrote to memory of 4440	4500	firefox.exe	76
PID 4500 wrote to memory of 4440	4500	firefox.exe	76
PID 4440 wrote to memory of 1972	4440	firefox.exe	81
PID 4440 wrote to memory of 1972	4440	firefox.exe	81
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 4596	4440	firefox.exe	82
PID 4440 wrote to memory of 892	4440	firefox.exe	83
PID 4440 wrote to memory of 892	4440	firefox.exe	83
PID 4440 wrote to memory of 892	4440	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://oldgamesdownload.com/file/97657-2/"
1⤵
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://oldgamesdownload.com/file/97657-2/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.0.1100053177\2025130575" -parentBuildID 20221007134813 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5ee66c4-7bd1-4807-84af-cc1ce68d56c7} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 1992 211fb193058 gpu
    3⤵
    PID:1972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.1.1952159629\1100818919" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e089c426-98c6-4209-a9a1-ee60254b174e} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 2416 211f9b46b58 socket
    3⤵
    PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.2.149780957\181468031" -childID 1 -isForBrowser -prefsHandle 2912 -prefMapHandle 3176 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e45257d9-d5fe-40a5-b894-a531ee4f8df9} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 3140 211fe142958 tab
    3⤵
    PID:892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.3.2056456476\1159968261" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e606849-65e3-4230-9e47-d4a80308a77c} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 3636 211ed767858 tab
    3⤵
    PID:3300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.5.637268682\97260977" -childID 4 -isForBrowser -prefsHandle 4764 -prefMapHandle 5100 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ea8adfe-bb66-46ef-84c7-ee80a5e86dbd} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5244 21200e91758 tab
    3⤵
    PID:2120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.4.1852229657\1791282340" -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 5032 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07b5ce28-0645-4545-bc63-e747bdcf2f51} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5108 211ed769f58 tab
    3⤵
    PID:1452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.6.2138395224\1077557940" -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5460 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf210ffa-df7b-41fc-8b6d-4ab5e7a91145} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5472 21202ae8258 tab
    3⤵
    PID:3268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.7.1670119139\2101289934" -childID 6 -isForBrowser -prefsHandle 5844 -prefMapHandle 5792 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd106b1c-2535-4410-81ab-3c6f0c006da9} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 5860 21202381858 tab
    3⤵
    PID:584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.8.1949811107\1135641387" -childID 7 -isForBrowser -prefsHandle 9972 -prefMapHandle 9952 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2286d79-f025-483f-85ca-72939569bd47} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 9928 21202d12358 tab
    3⤵
    PID:4724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.9.1053979520\1502068153" -childID 8 -isForBrowser -prefsHandle 6820 -prefMapHandle 6736 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6fbb453-b9af-4766-989a-e4bdb66c41fa} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 9944 21202d10e58 tab
    3⤵
    PID:4636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.10.682052363\1461183000" -childID 9 -isForBrowser -prefsHandle 6768 -prefMapHandle 6764 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c229fd4a-4159-438e-a3a9-b735733f6ba8} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 9784 211feec0858 tab
    3⤵
    PID:4316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.11.1396332206\1567699180" -childID 10 -isForBrowser -prefsHandle 9500 -prefMapHandle 9564 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a345aa4-2de9-495b-94df-a0e917b160a4} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 4856 21200a9d358 tab
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.12.409698546\1360734589" -childID 11 -isForBrowser -prefsHandle 9300 -prefMapHandle 9296 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {648a5037-5c10-4b21-ac2c-89a635100415} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 9308 21200a7ec58 tab
    3⤵
    PID:3004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.13.493230992\883903565" -childID 12 -isForBrowser -prefsHandle 9048 -prefMapHandle 9052 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60dbcdaa-2e10-42fc-8f71-09074996156d} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 9040 21201e0e258 tab
    3⤵
    PID:3012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.14.1924928042\1951760286" -childID 13 -isForBrowser -prefsHandle 8840 -prefMapHandle 8836 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78ec0fa9-ad32-4651-972b-d68550b9799e} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 9024 21201f47258 tab
    3⤵
    PID:5240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.15.922934533\1035829297" -childID 14 -isForBrowser -prefsHandle 8772 -prefMapHandle 8756 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14068b74-10a6-4966-97a4-3adecac55f87} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 8748 21201fe9958 tab
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.16.126629618\742874831" -childID 15 -isForBrowser -prefsHandle 8496 -prefMapHandle 8500 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {868d677f-b85d-4454-a1ba-4f871548f154} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 8836 21202cda458 tab
    3⤵
    PID:5688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.17.1945951307\2009528962" -childID 16 -isForBrowser -prefsHandle 8420 -prefMapHandle 8416 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bca70a27-2886-4f20-b56b-aa431797a1b0} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 8436 2120383c758 tab
    3⤵
    PID:5716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.18.745679143\82824964" -childID 17 -isForBrowser -prefsHandle 8008 -prefMapHandle 4828 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b8fcd6c-cd1b-4606-b798-02e466293541} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 4816 21202cdc858 tab
    3⤵
    PID:6132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.19.752740515\1707899364" -childID 18 -isForBrowser -prefsHandle 7828 -prefMapHandle 4916 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3cb2c8e-7acd-4232-87ac-e2051bbe235c} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 7820 212001e7958 tab
    3⤵
    PID:5356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.20.164574986\706066843" -childID 19 -isForBrowser -prefsHandle 8352 -prefMapHandle 8348 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccfa7252-b0f4-4a38-8332-b1ce5b891bd7} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 7660 2120437a058 tab
    3⤵
    PID:5304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.23.1271070573\1598008692" -childID 22 -isForBrowser -prefsHandle 7236 -prefMapHandle 7232 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1726aea8-d5bb-49ab-a586-037f5e7be6c1} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 2884 212047fc958 tab
    3⤵
    PID:6248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.22.1736838880\2111804529" -childID 21 -isForBrowser -prefsHandle 7436 -prefMapHandle 7432 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {810d6302-2c92-4671-ab4d-180b767d7601} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 7444 212047fc358 tab
    3⤵
    PID:6240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.21.114914951\344207943" -childID 20 -isForBrowser -prefsHandle 8784 -prefMapHandle 8440 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b490e54b-edac-4cb3-b29d-6ccc228b6e3c} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 8596 212047fba58 tab
    3⤵
    PID:6232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.24.1037223906\1026889829" -childID 23 -isForBrowser -prefsHandle 10080 -prefMapHandle 8484 -prefsLen 27017 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a001489-8747-4320-9038-b7d4465cee39} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 6108 21201f04a58 tab
    3⤵
    PID:5728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
d63328fb0cdac32184321d64f4e7c789

SHA1
2407d05cdd4fe11a3b6716a791475a354c540be2

SHA256
5f29168d0ceaffa55fcad899fc51b6e6d84b185c3f9dbd94da24f1203c38cef5

SHA512
cc934a3081b485c5b79a123b8e86c319ac73afd1572e18c3f55a74be24c19e6b14aa509f5f1ad56a736a5d4adb87898801f09326250767cb13158a356403fd0e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\doomed\29600

Filesize
14KB

MD5
877606784549f8168a549615dc37861e

SHA1
a9100312d7a99f7dbfd41c52893e4aa89f92f444

SHA256
69bd20fca55d659196acafbe5df75b4077ff6b7ac9e475d7f2846330861d9bf8

SHA512
392fcaf72f44dc3e4c9d0379459ee66d733a17e45b71505f59215f154ddea12947937a040b0fe6fa7aef7bed6c531439cce76819c57c3fbf7fb38d91f09af03a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\doomed\3026

Filesize
9KB

MD5
295c8b6a2a4e8f7e09472a45f3491e08

SHA1
fd8c7479daf42294befaa929376881952eeac4c5

SHA256
857bb8719e93ed4a8184518b81e4ec85a9860f5b1779a86f21cd798b28254a66

SHA512
a54ab632728109fb3e353cabae9c7ef9499ef1cd7c31a9e9a2cbd0c40acdc455e8c13b3164a67bc3bf721266ed496110ba7233c964130fb39687b56cc67df3c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\doomed\569

Filesize
10KB

MD5
e4e4bee3b3f45587e0f0da4bc79d1464

SHA1
bab6d1784e72954a00039490081f05830cba2baf

SHA256
bbc5b90e97ebdfe6c8aeb365a3e4af2817c6a9bf400cf71961a4450550a8c961

SHA512
642723782d380f800aea5d23eb844b441eeb6f9d5f1b9cf10b1c6d08f405959a689a9befc4069a9e80d08ad1769d672e01087ad82a92cd2c7f26d76fdcf49870

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\doomed\5719

Filesize
8KB

MD5
571f50d1bda30b9566129b1966400c49

SHA1
4a9cf0e6cd7ea53a97ff9c3601697d7c1e6fc3d8

SHA256
a416247c9298aaa8c4e336b6613f41f0f88328b0b355b8eaf8271e5db746ffc1

SHA512
54a1612e322a086329e9701a35a916012850da725de3879d51c0b5b2a181e935213fdc550e4c72d8ed8e78e0e0b6a169643d130d231b1b7a2e27f6a9b874efb4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\entries\8DE5883332C425E52873EF7DE8372AD93799A005

Filesize
101KB

MD5
cdea63857b6a627084a6c20d5e56d932

SHA1
1af292f5f628bad5b2d889dc406f8356e619a9bd

SHA256
f4c6599acffa67b17033ff65ffeea1534fc8924fa121ff959522be9235c8ac06

SHA512
01d107116837b4ef93e3a2b600a5e498a06853bbc525e192b4dc167010a2fa3925ac9da5116102e9d43c478b3c7ed656767c5f33637d4c89a130033d5b696b29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\entries\F14D6E0445CA23D1235E36B27B84B4C149A8B6F1

Filesize
22KB

MD5
222f2b0c260d8d58090bcb4c2cf3be36

SHA1
35282a3379d7a7f3f2602306bda11c643f7fcbb0

SHA256
d217a0b5ec29f2c8847163c73f26c7ec1c5f0888b9f92278759457a16b0a8776

SHA512
b43c1c311a79afc3f248c8d84f9522fc58f4287bd22244e579490eb06841dc535a470a6fdb192525355a6aa7ae2a0b62e9ec4cf34dc0d6b0576facda711a88eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\prefs-1.js

Filesize
6KB

MD5
4d25fa6f97a6a0c9acc6a5b887b8aa49

SHA1
f46018d1445d694ebcd9d4227235a0afc2258b3b

SHA256
a65bae9005073f8c7e666f4a6977c8dad2d8bdfeb697e406b538643868fe7e28

SHA512
ee21d7c1bc5f4c8ef1da19175562f7cd1d8965f84140d1489c9b3dd91e4f3c53b3ee8162b53c66d8c5f87244055ebf9b27bab00d023e91ea8c7618902e597077

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\prefs.js

Filesize
7KB

MD5
c946289e1d161acd4c0e698627767677

SHA1
d086a11d3ae32c546e93c1665eeece0ee7d1ec20

SHA256
9e801c397c931298eae8b1ea8d862e229312c29df04a5860e6020cb3ca37ab26

SHA512
3d2ed5ea5b8df49ce4365b047b8842762c68c0b668ebfd4e8ac7c9f6945782033efc8106aa12ee8dbad839444dc5459149c9ea3c1a02bacb6f37837dc7c56152

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
f159f596d4d0a1f8e76d1c4b16aa5db4

SHA1
7063ac13ec2a4552681a8c7e3819f52a8dd081bb

SHA256
7a5fb80c6708aab7581cb837eb85887cb8e20ccd8ae837962ec23d0757ac7c5c

SHA512
6548f34cdd32aae8ddf52d213a3ec95b1ff88a1547b6ecf83666ffb33a9b5ea64b0c054de1b2c876d53111cd42172ec68e6f70f82ccca90180129033b4898381

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
0e15f94efb3e200ee16170ff8625c319

SHA1
188ac38bf809b7f07e7910068c7f84440f70c85c

SHA256
558d03a8d0b470f84799fb687bbec8c21edd3714ad8d54897f9ac1848606a7b3

SHA512
8c5b71a33817db45d29f5739abb45718fefeb6b2a573fd338f913cd3dc87450a104285444a814e6ecf1d033633c31a13cfdc062b57c41505c2d6588be0b85738

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
60936ea29043eb97e1275aa52b77a181

SHA1
e5b0fd9fe529cc2bda57254207f6679b9e5c7ff8

SHA256
789a7d745d20b051692cbb3faaa7d33046927942dc005ff62075576c24637948

SHA512
37dd0778d61c317bc471e5401ee0ff334f3a778e4583db7fdaee432ca5af7c2a34e8fc28906badfd1bb8252d4b1fb4c631717c1281f64595da690a18ffac099f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
ac3e25f2c7244c9cb52a5bf9a8e28125

SHA1
1f30f972da1cd86a3886b25998ff31718e9f9d36

SHA256
c1bf92335d7928c0e6134be1f820c2fd1aa0d413bc852be627ab87c7547260af

SHA512
20be9067fbfe16148640d895603393a2d3bff075d59d56b8c1d5328da5e723748b508949d7b738f86441848d2b6727389179e8cccf98569b40bb8c95c04cda83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
e6875566dc1c4fb5e8964c3f3f8fc1ec

SHA1
a89086570e1e74e57cf670c0c46935e127f1618d

SHA256
972aaed74daf8755667415e7c6fa161feba2e9314c50d34d023176c4f16d2e1d

SHA512
fc11f8e97f3f4f9b8ee5f141c70340d0a7cc50279c07d0d5b3d9a5d3a4bef2fd5b4fad29f86c00e2074626fa50d7493aa792c4dd829339fb15ab78ed00cf5ea0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
1760269e247a563a7d107743e65b44cb

SHA1
8252c27de30459f318d111e2ecd36bafe3bb7a72

SHA256
1ce38d586e73063d3904cc7706c9470f4efb96d7a1ec786adf91268c5ee1de40

SHA512
d3e4a9c97e0c03b465e0e4765d423271d8ec702c1c5fa9a0762aa3aef7f119033daca4c5a8915edf8913dedb0ac3ef20440f27cd336857f1057ef924ae81227f

Download Submit