44caliber | 57a5f69ecb165f207619bd57d9e90d9bffe9fce42aaf791480d8e33174044411

Analysis

max time kernel
60s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-03-2024 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

free.exe
Size

6.2MB
MD5

cfed224f0e753bf34b8bffabfba8479c
SHA1

bcee57728c634793c6052014b796805e5228507c
SHA256

57a5f69ecb165f207619bd57d9e90d9bffe9fce42aaf791480d8e33174044411
SHA512

1eee0590536bf57cc5900b6feaf9a0f266bdb7ad920b78caa6a891d79127ec02300e3e673feb5e61bcd4538d2def4ce3383cdb17a10178e4694818dd3dafbb14
SSDEEP

98304:ljqCvkjEYbpWmvDRIG2tBUTB0l6eCFyQ6RjE9jFe9yTsSg2LFDwbiUoI9GM67SKj:ljejbxyBo0l6RPTe9EvLFEirMT7e

Score

10^/10

44caliber stealer

Malware Config

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber

Drops file in Drivers directory 3 IoCs

Processes:

free.exe

description	ioc	process
File created	C:\Windows\System32\drivers\sdfdgfsg.txt	free.exe
File created	C:\Windows\System32\drivers\gfdgfd.txt	free.exe
File created	C:\Windows\System32\drivers\fgdfd.txt	free.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

free.exe

pid process

2372 free.exe

pid	process
2372	free.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

free.exechrome.exe

pid process

2372 free.exe
2372 free.exe
2644 chrome.exe
2644 chrome.exe

pid	process
2372	free.exe
2372	free.exe
2644	chrome.exe
2644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2644 wrote to memory of 2536	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2536	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2536	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2504	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2388	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2388	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 2388	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe
PID 2644 wrote to memory of 1684	2644	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\free.exe
"C:\Users\Admin\AppData\Local\Temp\free.exe"
1⤵
- Drops file in Drivers directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6cb9758,0x7fef6cb9768,0x7fef6cb9778
2⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:2
2⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:8
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:8
2⤵
PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2340 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:1
2⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2364 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:1
2⤵
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:2
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3264 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:1
2⤵
PID:2064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2792 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:8
2⤵
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2688 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:1
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2080 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:1
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2772 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:1
2⤵
PID:1748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3432 --field-trial-handle=1260,i,4363389056136377450,13143948896167242793,131072 /prefetch:1
2⤵
PID:1036

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2500

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
PID:832

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.0.1545177389\1926940369" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1188 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {037eb0a3-a3ca-449e-9949-6efe8284ec15} 832 "\\.\pipe\gecko-crash-server-pipe.832" 1304 122f4a58 gpu
3⤵
PID:2196

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.1.1984879011\962015792" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8703ba85-4abb-4fe9-87d8-b9827094c579} 832 "\\.\pipe\gecko-crash-server-pipe.832" 1508 e72858 socket
3⤵
PID:956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.2.1387734062\1543438858" -childID 1 -isForBrowser -prefsHandle 2080 -prefMapHandle 2076 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8b9db14-40df-4cb9-8e24-cc1b0e8731bb} 832 "\\.\pipe\gecko-crash-server-pipe.832" 2104 17f69e58 tab
3⤵
PID:1812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.3.1447828649\1763777738" -childID 2 -isForBrowser -prefsHandle 2528 -prefMapHandle 2524 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b380c8f3-95ec-4f0c-9d37-f1ebed63cd89} 832 "\\.\pipe\gecko-crash-server-pipe.832" 2564 e6a858 tab
3⤵
PID:2232

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.4.1456362379\1319407520" -childID 3 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe4b4453-c108-45cc-9e8f-c4eeeaedc371} 832 "\\.\pipe\gecko-crash-server-pipe.832" 2932 1ba49e58 tab
3⤵
PID:776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.5.805475726\2021012285" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7ddab79-5824-4411-a806-8fdfce8bc5f3} 832 "\\.\pipe\gecko-crash-server-pipe.832" 3804 1db92058 tab
3⤵
PID:2128

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.6.235308893\1614390146" -childID 5 -isForBrowser -prefsHandle 3912 -prefMapHandle 3916 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11d4e764-29d2-40eb-9d94-7ce2455a54b0} 832 "\\.\pipe\gecko-crash-server-pipe.832" 3900 1e1c2958 tab
3⤵
PID:2464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.7.1854696933\1583450592" -childID 6 -isForBrowser -prefsHandle 3972 -prefMapHandle 3976 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3318bb7-c1f6-4ea4-9970-99e2193e97e0} 832 "\\.\pipe\gecko-crash-server-pipe.832" 3960 1e1c3558 tab
3⤵
PID:1192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="832.8.291384348\1169251334" -childID 7 -isForBrowser -prefsHandle 4420 -prefMapHandle 4424 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54550084-6141-4167-805c-63a95774f69c} 832 "\\.\pipe\gecko-crash-server-pipe.832" 4408 20955458 tab
3⤵
PID:2832

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
4ec7a568606de61c0044fc8f9452e476

SHA1
72de73d86ddb81db13a9a610449341f15bc7b3c2

SHA256
eadaaadabd061d89b9725cfdeb9ba89f2fbcc6fbe20ed19578264e42dd8e7990

SHA512
9dba3b7122a22fd362b0cbba624d9ed48f74d7da626a65b53767200e5e7ee4b37e4ddd7d662eebf3d5979c559463c51fd5ad43a9876b4cd382c35356a53c8439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
1169a0a1f6962df19abb96512872b566

SHA1
e8146014e552f82b48d8c65b0f88e208639d3506

SHA256
ca3b86e5529cb5729d671d5cc1bbe3d48bd87f4ff0c8a7ecd66caccee7b8d295

SHA512
5a8903552e5518bf3fe6cb9312477e0305c391cca5d184e85234a80a3eeb6b5a4deb49db443efc0f73b7cca5d7d3d7a6aba826454d142623d84570c89af26538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
361B

MD5
019523cefb1afa17dc575aacff19f80d

SHA1
4bfb3f656fc06e5b3c9069298f8a6a7d684f45b9

SHA256
3dc3eeaa8403e25b2b0de865f5dbca3d35da4210f15b297b5011df8504aba469

SHA512
2f3bcf1c2bf7772eb396f40d5f8ccf0d6db18922e7b1cb354ff53a8b0d5f0f79ef29157d77051db782d847531ecf6777eb71480d19d6675c0e2f3b1cc7c47001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
361B

MD5
759808e610e3811aa83ebd9b948e7e2f

SHA1
b64f9572cfeeabb3b716efd50bacf6ab8f4b57af

SHA256
ee3478e5e9ba02962f71d22efd295a026e7ceb581784c3714188b2a028f5a300

SHA512
2d433e044d2f7e754f3a91a03de500f15c7727bca800b612638d5e356b3620c87b185cc6da84fb07e17686d59b95a501f3dd74e82c3126c92724882026f18bd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
5e3a01c28c229387101ef3487b1362c8

SHA1
ff09350a2a5c910c1ac22b6e39bec8bbdec19b10

SHA256
8ba67a2899c70f75a514026f6b5ba129c0eb4929efb344d913cc6b50ab63b2f9

SHA512
c7421eaba936e730538431188b88df24e018e3e6676a453e05318f34c110956eb172f9d31af6345847e0acfdaebbab406753c2cdba7f8ba0e10fb981e2e7628e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
ff3c61673e0784d9d19b0bcfa7fbd743

SHA1
30ea47f31a708155857c0a5b0c78672289ae25db

SHA256
989b790f19ebda5b80cc8a8b4dad826d4c8b7ada0c583ddfc887472f355f3ec7

SHA512
f12f2b1d967aa0a23be602fba62804d43a1ae34b4c2ffe6e6a7a95183e7a34f77355e9b232a92ec82cb53a90881f381ac6c493a89510bdff2907e63d27b1662f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
fd8455aaa48b9806c2c12cb9339d86de

SHA1
00987a00f31a4c40ce314e7784f40512104b30e0

SHA256
ce4eb7bebdf30ef73fe32080f88e1029c39f75cb46efde9494dd4b2f149ec367

SHA512
4b6a06516aeaa62d868595c4914efd9b32b73fd820ba9311036737a4b728d6dac34ab8e032890a582feece1e4e8d76e10c63b0ad59f7ccd564625d5491ba753a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
e5a27af477bdcd9d62c7d42043c2ee1c

SHA1
d28ae2f12c082f72be652ba6485afa64542d183f

SHA256
1d167e2445c3aaa63dde09009289773bb8b7540bfd36c353b7fc257f08f05675

SHA512
4b0c2b5e09cab5f09ba38619e95b102a08d4dd51a25e388609307b23d105f76938908e94ed0c16c8e3d19839ad67d51092f46a8955daba8ce42e06b72507429b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
e2adb9030e185a0bec2ae7a76939c917

SHA1
adbb6e066604bae5c6fc4e60d535000d2d8984fa

SHA256
75db6fe6b84ef2c7f6a93caa3a8b91523c219153d3c6f0a4c44d77143428d711

SHA512
fa88671d153ea849c5a625a8f36068b6ebff234e73699e7a7422f70e161cbf77fe6e745a64fa486d261ac211d2256f182aac3077f1fdd15b3b9dbbb0bca8b18a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
256KB

MD5
597a64c40140db0ab2f4902323cb942a

SHA1
db36c2ad92d287ee47e14be037c4ed9546f20c68

SHA256
deecd848c19eb74011785fc43457205cbcffcc00197c708ae4237b11d6a7a6ab

SHA512
f560f52dda8d7a932405456a173c1d78fd9f18e345f46bb4ed469612955d0563f435a313fd335ab2745ac45c4687e97687fd60e9fe0ac6e028f28ec5ca97d432

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
256KB

MD5
8efecec5ff8f5582ee485008ec57c8e3

SHA1
bb432f4d329307ed4dc2080f2e4504e6de8b6eee

SHA256
4a87c7d45aa738e37b4744e540b5fe440062e4e1c55e27cebd586f99cc71fe56

SHA512
e7a31274588bb4f43b33daa5347d77396cb870a741a3ac05a08c9fd430004410433875d4ea3ae313ccbefd0292c7e7bebc4e3c0129ebc0fb40a03b49704db9f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\be89a665-5bb3-4d22-8081-b8dc3e9d8f72.tmp
Filesize
256KB

MD5
26d344dfe0224af7aaaa31ad5e322a5e

SHA1
1dbdc9ab9bf3efac638a7d2aff9f751849fb339b

SHA256
a1a649f8084425046a1f746d6ee874a848df78ca74416a91583fa1ca609feb81

SHA512
d9e7084dd75f3f6845b2dde9334e314a2183c10f21029074dbb15c7ddcd9d9ee52b0d7c91b9fd659fe809d6655ebb7728c6563b2818745fc0c7a6609d78e9b0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1weu80pa.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
b70e5cb4ed658dda156c4588e28bc624

SHA1
ec3e739daec3b0d1569486178e6a98c427e21829

SHA256
c33d92c24e409c10ab6c5e843d6922d0db453b8d590db8309a8bdafed6e738c7

SHA512
80352a216a95ac395bce13cf1357e2988ab1569aa0da2428bf900830e1a6ae976073e34945753c012609b00cf752e1c6b0bdc0892a3bf82feb9002bb8571bcf2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1weu80pa.default-release\datareporting\glean\pending_pings\2141c42f-288f-47e7-98ed-dc6c297e9b43
Filesize
12KB

MD5
83b59267a2dac6b1ba74536d7ef8fea8

SHA1
8d9160bfe557fe3d3fb237ba905011386b078b70

SHA256
65cd30a7700212020711b1959ac44bd8757ee26c23d75f9e3d47d7a46dd061d6

SHA512
b994eb41d5e0d347d7a183b220a29f7a8c2b13ff2f5015415a323365a381930d0516137ab98cb0dfb33e436c2dcad9abcf808cfdc59795261e088a1728e2a428

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1weu80pa.default-release\datareporting\glean\pending_pings\da2d44b0-b765-4cd0-83ae-e79c995eedaa
Filesize
745B

MD5
8c96abd512ee7f245ba845a78c29d231

SHA1
296cb35b7c0be06aca4295bc7d66b37b47a1d14d

SHA256
d2776c937dd9a980362b4824d007985da543e7adfee280183aa442b6c91527ad

SHA512
be64aab1ba0a3c4bcc8e8e163b16a8339c636379e31a1795bdcec36b171a132974519fdcdcb43e0a1584f02295aef765742e9d10d50784626da9306984f9806c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1weu80pa.default-release\prefs-1.js
Filesize
6KB

MD5
2fd2523673ac199fd1824f8b8206142b

SHA1
134a332cae5ccb7584d29dfc187a80f1a055c76d

SHA256
05a94bf03220282f6acbc8b7987e7d7bb61007631a5ecd2dbafa41a194a39d98

SHA512
26f9d4027ffe474ae6b7906e01969896bf5d4324f219c621e98f72d84a3d6e87e7eb10b5b1ef9ac4745881eb17097d0ee56706b6a556c0f67fc3c829a0875da9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1weu80pa.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
3a2dd99b1a0482f610654e39a30228f5

SHA1
82b18012e27bfefc7c68f376597b3713e7afcfe7

SHA256
eb26b69fdefe169f84bdb2c6f9f2e957ab6199bf24861fe80199c7de2e87fff3

SHA512
d71a23d26b0487c2aa543721162f5e9e243f37845a6cf00c09edb3a4614b0ebc059b4500aae7e09445bcd4d4da230edfa6ee089e425071c93e9b1fc399fa52b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1weu80pa.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
c7106054170c0b408374629b081b3435

SHA1
dddfa925acb6611b36d8fbe20b14a8d4d4ad29b2

SHA256
058cb5c5125a473c715e0b49ebf8c2eba748ad1ae123f4af2ae16504dfcc7b6c

SHA512
da8e467b3751df0020214b9fade32bfe28c1732b453292e4f56cd58790e77ed7186b3cfb5f7454326e19bfefab46561183fe8e1807e95b9faccedb22294be006

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1weu80pa.default-release\sessionstore.jsonlz4
Filesize
4KB

MD5
4a98f2208d46f7c74236489de985eada

SHA1
d09d8f44de53c4028e2c1003ea5bd2d0fd10ad89

SHA256
41ebb98a58d1c6d9228b86d328bf21bbc8fe8f1b90c7ad980ce4bd2c2fdf4011

SHA512
e1cd26aaf5c8ca2ee0b70eb7d3c05bcaf6307298a7140d309f22892663999fab4f28c993ed85fc65915f89d9e0127d6704573c176cf08412519a052f9263851b

Download Submit
\??\pipe\crashpad_2644_LCNTAUVJCVPXOCJC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2372-5-0x0000000077680000-0x0000000077682000-memory.dmp

Filesize
8KB

Download
memory/2372-12-0x000000013FDD0000-0x0000000140890000-memory.dmp

Filesize
10.8MB

Download
memory/2372-21-0x000000013FDD0000-0x0000000140890000-memory.dmp

Filesize
10.8MB

Download
memory/2372-1-0x0000000077680000-0x0000000077682000-memory.dmp

Filesize
8KB

Download
memory/2372-3-0x0000000077680000-0x0000000077682000-memory.dmp

Filesize
8KB

Download
memory/2372-6-0x0000000077690000-0x0000000077692000-memory.dmp

Filesize
8KB

Download
memory/2372-8-0x00000000774D0000-0x0000000077679000-memory.dmp

Filesize
1.7MB

Download
memory/2372-9-0x0000000077690000-0x0000000077692000-memory.dmp

Filesize
8KB

Download
memory/2372-11-0x0000000077690000-0x0000000077692000-memory.dmp

Filesize
8KB

Download
memory/2372-0-0x000000013FDD0000-0x0000000140890000-memory.dmp

Filesize
10.8MB

Download
memory/2372-22-0x00000000774D0000-0x0000000077679000-memory.dmp

Filesize
1.7MB

Download