a34c3cef7d88bfc45e412e14d7b93df9ac245fffc5aae5c4f30f320b17f99bb1

Resubmissions

24/02/2024, 00:39

240224-azzlgadh7x 1

24/02/2024, 00:36

240224-ax5dyadh31 1

Analysis

max time kernel
45s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GimkitCheat
Size

277KB
MD5

48034abc879d0de13b9554c3b0045be9
SHA1

5d0d4752b1e96fbe3e96bd852c7093c15adf9ff1
SHA256

a34c3cef7d88bfc45e412e14d7b93df9ac245fffc5aae5c4f30f320b17f99bb1
SHA512

43eafcb39ee7eb515d759cc6e07b97ddb2ad20c106c8b1bae0ba6c33883b042d6c114a5babeaa45d6a0c3ce17e40bfe07fb759c098917c5855f26fbe4d3e0748
SSDEEP

6144:3DuqJicfBkVSgE29xxspm0n1vuz3+9mvZJT3CqbMrhryfQNRPaCieMjAkvCJv1VP:3fBkVSgE29xxspm0n1vuz3+9mvZJT3C9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 3008	2912	chrome.exe	30
PID 2912 wrote to memory of 3008	2912	chrome.exe	30
PID 2912 wrote to memory of 3008	2912	chrome.exe	30
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2980	2912	chrome.exe	32
PID 2912 wrote to memory of 2576	2912	chrome.exe	34
PID 2912 wrote to memory of 2576	2912	chrome.exe	34
PID 2912 wrote to memory of 2576	2912	chrome.exe	34
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33
PID 2912 wrote to memory of 2476	2912	chrome.exe	33

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\GimkitCheat
1⤵
PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7019758,0x7fef7019768,0x7fef7019778
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1232,i,18242703942487773303,12667895123223153539,131072 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1232,i,18242703942487773303,12667895123223153539,131072 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1232,i,18242703942487773303,12667895123223153539,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2112 --field-trial-handle=1232,i,18242703942487773303,12667895123223153539,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2120 --field-trial-handle=1232,i,18242703942487773303,12667895123223153539,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1232,i,18242703942487773303,12667895123223153539,131072 /prefetch:2
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1428 --field-trial-handle=1232,i,18242703942487773303,12667895123223153539,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1232,i,18242703942487773303,12667895123223153539,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3688 --field-trial-handle=1232,i,18242703942487773303,12667895123223153539,131072 /prefetch:1
  2⤵
  PID:912

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7019758,0x7fef7019768,0x7fef7019778
  2⤵
  PID:2588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2544
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:2800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.0.41086530\1484443118" -parentBuildID 20221007134813 -prefsHandle 1180 -prefMapHandle 1172 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a97ce7d8-c311-427f-a0c5-0eeec60e7eb0} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 1320 110e8e58 gpu
    3⤵
    PID:852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.1.1184885897\1097822598" -parentBuildID 20221007134813 -prefsHandle 1460 -prefMapHandle 1456 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b69bc694-4c74-4a8e-a196-a07e2a9003d3} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 1472 d71b58 socket
    3⤵
    PID:1592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.2.745154294\1584398228" -childID 1 -isForBrowser -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37bafa8b-8e89-4f84-87f0-0647b1e1119d} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 2436 1106f158 tab
    3⤵
    PID:1860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.3.2017832304\93459532" -childID 2 -isForBrowser -prefsHandle 2268 -prefMapHandle 2244 -prefsLen 26046 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a757e9b-29a5-4c76-b3fc-95f534ef9ca4} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 2400 d61b58 tab
    3⤵
    PID:2356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.4.21786310\932358675" -childID 3 -isForBrowser -prefsHandle 1680 -prefMapHandle 1844 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c137e94-1e68-437e-a9ac-7789e21043aa} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 1664 1d590358 tab
    3⤵
    PID:3052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.5.1872174649\1700957714" -childID 4 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34d56564-a2d9-4bf3-b1e9-2723175ef784} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 3684 1e706d58 tab
    3⤵
    PID:1272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.6.1707173729\793967547" -childID 5 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c758fb07-9ec3-4309-b33e-2b0090664ec6} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 3780 1f6ebd58 tab
    3⤵
    PID:2952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.7.1975461745\656298978" -childID 6 -isForBrowser -prefsHandle 3824 -prefMapHandle 3820 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85114fc3-42a9-4b2c-9087-02b68f4639a5} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 3836 20750758 tab
    3⤵
    PID:592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.8.1135158155\1931351790" -childID 7 -isForBrowser -prefsHandle 4316 -prefMapHandle 4312 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93b6bd2c-1b7a-49ad-b8d6-17e9ab91fdd2} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 4324 208ae858 tab
    3⤵
    PID:3564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
89f4922a7587a9f92f626d7868051285

SHA1
9419dc4f12c1cafefe5a1a12997cd4c0ae5d6702

SHA256
16d4c209625f423200c0a930685ec659bdc58c7e5c7848d0008979311b945ce7

SHA512
009d7b6d168824bb8c8c15f256502673af694fec8b7fd3761567bddcb0c40500d77de42c13313fa33e7848d8380d097cdc4c14dd21e71023572de5508127f9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4b2ee290-fb1d-4c6b-8cd8-48488cdc6453.tmp

Filesize
6KB

MD5
bad694fccd325fce6ace3ca35e47bb50

SHA1
84689a206460b35257d8a0868c7605aef6f08bcb

SHA256
1255f195af98c3c6156976fdc5598651c26665c2e3160070e1ec9ba146dfe848

SHA512
a813113886bf1acd5daa9beb234f36d24a39f9a4a2083dea5dfc56f8937e39a3f81455c899d7abd9c8bf0607250d619f85bd98d193e0f71c8af9db3a5b89c76d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2df73443e7f7fb2ac1f76121520a5f33

SHA1
23ffdb228294128c626063020f710fa6633e214e

SHA256
2496b6e86bbfb1cfc5b0e7f9792e59927c8c8fd6e9e32383cb7b53c9a999a850

SHA512
6868b698e6b2e32f7096c0295ca66da63c071414f911fdf8e947915e1ddeb1aa2af2545ce5c84d6913e93e486ef8283b3053b53766763c82e05b425e197d420b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b6d08de976f828d8956d738e1b3dae4a

SHA1
4cce3a4694fd03e124b50ba22d52817c2d9098c2

SHA256
b65529698e1e65f1f63695cd80276d869c924f2211ef9d30b21ea9c19ad6c138

SHA512
b3cabba423a832e9953bdba6753fba1d487dd3f87ab7c4821f6a02ecd718f99ee13e4d0c8d1aba17ba42d5f6b345ccc2f9748db59d85fa8b433b744eed4d1670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
caca8493d1ca4c0b12ff450140f9e1cd

SHA1
a7476e9907fb373650b8629efcc3bf70ec4edc63

SHA256
fa15ae83ae470aea2ae87004a433a051f7f5f46f4d0069af36684c175be7503e

SHA512
219a493bfba553234dcb90c8180ae2d090919f596c08c1aef8790b0154c268723816bfffc1675a23db02ba1177554242c5751153dfff8c62b5750293dd645f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
32c25c1d187c77c56b91a7e258d4c56a

SHA1
e66278d7c447fb7ec7c6b6ec48a3c41431118472

SHA256
a7a2c3aeb7406150ff3ba4d13909738fbc3cb76e94d2ef4e826b71371ad20934

SHA512
d36a746694ef147d8919edad7ccd85b23bfe8c003788fbf3532977483c76a5342dc24c2ce57319cfae872de58f7980b6e8c36300104d2f949f1a40e51b6693bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
71b66fc539a9bb9a2f3113bc4d4fed4a

SHA1
95f86accbd54c869d8a9ac9108a7017a1d1ac999

SHA256
cfd4330f24c2fa2cba22d5a41a21f37a25000f73cfc18b783671479919072043

SHA512
34962e8990bab9d2f2870c77a796daaea32c656b7f7c10b9db7bb347de27cbb4fc5301ced40e972157a006d3144bf4e287eea791886e7ec3a25425fbd369554f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9d2ec4d68dbcba90c8ea7e3180625d20

SHA1
5049efab789f471bdcff8f9fc8529a590aca9676

SHA256
c4a779592b285778fa2e2aeaf6c94ad76bc4a11901c8ea2def58fe1153349b57

SHA512
caf6e2b5b0812370c64b13d3aba9821f439f98bbf6ab53833c844d8bbded8bd9da8110d992549b2c8ab3033274aa2d6f47f2ead972a0158d03d5414fbfa31d3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8c8a1d328e846886e708f34eac7eec04

SHA1
876405a1af9d7989ade03c2f72a333c118ec0226

SHA256
e22851d52b98f4507c494f2f6fe0a711f2f965bf1413125864c5d3335da2d960

SHA512
a24eda742ed235a11d8e73709a97130d03cf7e5a9242132bbec575018e8d52b5d4f9631c969b781e992fdee11b0d124f327dcd17b83b7c83871efc23da7f20aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
0df4e154e5ade816faa420bef96af535

SHA1
b55f77fcc0d7b4d0f3fb61a613f0c45356772cfa

SHA256
7f67541df9bafac0576fdb7dcc6db1f8861042f58a11a9f9723cb604263ce0f3

SHA512
e32c981fe97358d2ca1209308f67d574fff46e39f2e175832fe3792db252621ac02040d79b6021fa203a9a49c0e423ef8edfa6713844a091f69cbf3c835baf40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
0bc954b7b4865219b4f383bbb6022535

SHA1
790e6d90e27cb9075b384575914facbbd9f54177

SHA256
0bd5034b9dc3a010eb5da34bf8480b4f85639e8b18ab27f9c28d1e505ecced85

SHA512
e5d54061f7377663e42769b65284b7e0633390efba5df0ca86d23b6deff230f77e018544df7f5c27d15b45aa29d4e34a1557c7915699927dccca9754888231c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\569C61B7C5AF4CF1CD3C872D4AA55B34BC2D473F

Filesize
33KB

MD5
7d9a786f0eee34c46463b323d22d0c63

SHA1
51774f35cb84da0da5fd8d41e364ec526932fd53

SHA256
2db60e294a636af6f7c4bc96ac1e9c1fd3f54eb187da4d1d66ee81594d030e76

SHA512
b648823210d4675675ac3eec6c6a245c32e65bb5a36c2c06c52339f16d0348eaac8d5140d7e83e1a74df37d8572f5577d15c08743f3a57dc938a1dd33131e381

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
73b3ea8ce21742a750d5d07d20632e35

SHA1
c152e16fbdbce0fe588fbf68f61932ec0aa24b1b

SHA256
583ae7954408b252324ed98f423d3c58867813e9fe9e809c315dc87d1faf395f

SHA512
69e493d753080d47d6addddaa5cad2ddd0e30e0f51601fbd52a464e2b6d2f743e5b4231af3c478c5abbdb194051be7e0b16bfcfb11d0b3507fb7c10c11020385

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\7550fc65-8814-4932-95f6-ffd36cfb615b

Filesize
733B

MD5
6444dd81ca9c29e5f9eec9086c4c9d41

SHA1
97f5666cced3f0fbd51f1538cd66f96778e0375f

SHA256
fe8ad1e5edd738db83ad13e524494a0a5bf4e87cbee5a24cd67fc31cc87d75a1

SHA512
381da88b209360929f60cfdaf793592f25a84f1a896cbb499d9ee1d1958e5657497688fdb50ad8d3ae42918ab54f1ca8e670539108b602e49230fbc67abbede3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

Filesize
6KB

MD5
e3a0d7cce3144ad4834a3a56604c1293

SHA1
7071769ab5c7d1df6b05d60a64ffabb87393a506

SHA256
d8ff091e4feafc3fd1ddce1bb00b3bc9e19af8075c70b44cd2bfa35e44045fcb

SHA512
3b9ff558fcbdf823958fe0a65ce2e03c9505dad42f4af6fa8d4f0a02f8d19343aa26600d1eed8b6c90cf39052a10b6a01999eeed8e93f08a3a0fc370c9ad2b7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

Filesize
6KB

MD5
2f04739ffa0378c103b802f1cd318077

SHA1
0eb3941d0c044766b151fde8fb48d079eb36941f

SHA256
87b4cb65aa91934fe83c1b913edb0d43c83522203d3a58deaaa9e6d042348394

SHA512
053c013b11edecba0536dccd3cd955b7c839754f522c88de99687d270bbdb9a52e50e2ed6addb6e554eafc21b455ebe8c222de5ab247d55ce20a6223f60de1ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2c33f8090fd256a4543fff74b04ef577

SHA1
8e34f97128dec1e9e84a343d0008aadab120c21e

SHA256
e296a5bbcf964d1311cc01021a02a34f52c2f9ed9bb906f6aab2bae8323d887a

SHA512
ca475ded33158a56ca31cd83483a23e1c8d49269b477544fc2a9d6693fe4a1bdfa56fbebb358388f376ad9c57c2d46ef7e9698abb0d151aced377fc9073eb538

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
de6e980bf5322a5f1f2db1128a81bd06

SHA1
32af1a3d0116e888b551d611df6eb491045a635f

SHA256
9b4beab49c47d623a6892fd7e9ec4b7a7736ab2be41a1c30a268fc412c50d4f8

SHA512
7bfe69f0e02b08995ba6e95e9dc8b058dc233861752f0d6f74cf8174cac420987efa8955307e2a39410928712d566c1499d5e40d30cd2bf2e3f7e6d013c90bba

Download Submit