hxxps://youtube[.]com

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230220-it
resource tags

arch:x64arch:x86image:win10v2004-20230220-itlocale:it-itos:windows10-2004-x64systemwindows
submitted
31/03/2023, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247624616935590"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4238149048-355649189-894321705-1000\{7FFF24D1-FDF9-49F8-8717-5BBB3736D804}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
868	chrome.exe
868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: 33	3976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3976	AUDIODG.EXE
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 4192	868	chrome.exe	83
PID 868 wrote to memory of 4192	868	chrome.exe	83
PID 1324 wrote to memory of 3892	1324	firefox.exe	86
PID 1324 wrote to memory of 3892	1324	firefox.exe	86
PID 1324 wrote to memory of 3892	1324	firefox.exe	86
PID 1324 wrote to memory of 3892	1324	firefox.exe	86
PID 1324 wrote to memory of 3892	1324	firefox.exe	86
PID 1324 wrote to memory of 3892	1324	firefox.exe	86
PID 1324 wrote to memory of 3892	1324	firefox.exe	86
PID 1324 wrote to memory of 3892	1324	firefox.exe	86
PID 1324 wrote to memory of 3892	1324	firefox.exe	86
PID 1324 wrote to memory of 3892	1324	firefox.exe	86
PID 1324 wrote to memory of 3892	1324	firefox.exe	86
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 868 wrote to memory of 4468	868	chrome.exe	90
PID 3892 wrote to memory of 2816	3892	firefox.exe	91
PID 3892 wrote to memory of 2816	3892	firefox.exe	91
PID 868 wrote to memory of 2548	868	chrome.exe	92
PID 868 wrote to memory of 2548	868	chrome.exe	92
PID 868 wrote to memory of 2232	868	chrome.exe	93
PID 868 wrote to memory of 2232	868	chrome.exe	93
PID 868 wrote to memory of 2232	868	chrome.exe	93
PID 868 wrote to memory of 2232	868	chrome.exe	93
PID 868 wrote to memory of 2232	868	chrome.exe	93
PID 868 wrote to memory of 2232	868	chrome.exe	93
PID 868 wrote to memory of 2232	868	chrome.exe	93
PID 868 wrote to memory of 2232	868	chrome.exe	93
PID 868 wrote to memory of 2232	868	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa55519758,0x7ffa55519768,0x7ffa55519778
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:2
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4716 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5324 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4932 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5712 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5824 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4600 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5840 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5704 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6416 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6388 --field-trial-handle=1812,i,1343651776886510095,4286984081178768458,131072 /prefetch:8
  2⤵
  PID:1072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of WriteProcessMemory
  PID:3892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.0.1674998788\1334911988" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1696 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ab0bbe4-cd70-4a98-a771-e964075cfe1d} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 1928 283a7f80d58 gpu
    3⤵
    PID:2816

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\97ba664f677744cf9297354530284953 /t 3284 /p 3892
1⤵
PID:696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3660

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x394 0x390
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aa32715d412cc1ea832b06e72bee197e

SHA1
d8b31a5240525d134372a45c769be8c04433564e

SHA256
086a8044c54ec7cd7ed57099f5e355eb10bac024f2d6bfeab991a0c9f54038bc

SHA512
6b673b5f4db39c7aa3375cba4bd5fa2147ecb3961521a977e76707436f6045384ecef949c2cd7936255d346e9f34ac5f53104d0cf01c003ce73dd6a5464956fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
2c2c9ce88c9e6ea1e23f8687956f1f74

SHA1
7a9c40a630da3281d15eb520b74d3dda97b844cf

SHA256
14d4261eba15606df1cf97ee6143898e3add966d1c10441575ba8b3878a606ee

SHA512
2f5d3b9233e81707d6ab5aeecb427dffb3718f4f94e5eef34bc9df342249abd1acbb0e82994bc71acd086cd802c28c33d7ef516b54786c52801d498c23be0db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
291f399d8b11c52e122a2283f15e6809

SHA1
89b47e8101ace84ff44905c321f0e078c062cb84

SHA256
62f9e3ba7ddcad54e5e0f8fdf4ff614250010457ea12053c65680e7f424531b2

SHA512
3f89954c5fb5f349a4ce89b2fd6ee30cd08009097a0084d4d4aaff53ecb01b1de8313819060246adcd10f0d56a492ef7e56d6b37aa02b402271ff4ed3ea56acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
a19219d8106bf469cc9a11d351d71814

SHA1
58127472109bf81b5d63ed3c14cf1030ca971281

SHA256
ad5d3bb45d0462cd543083ba8b9f0527442fc3e4be6df0f8a6c6804c2b48d250

SHA512
3e9417aba98892674bef0bf9f588d3f99be473e6c39d59bf5baa9f32b723739a6b4a18d6ef718a7310fef95c63b219a4bb047b7b1d70200fa203e3c022fe7bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
ae4a538e854d1fc82b7ce77efda23f0c

SHA1
99ff73c88d021fb1510e785eab651dc086c2836e

SHA256
f0978c6d8f7ffe980a3ac1043a7ba1733ed399eb8876ce07e6f1b80eb34ba445

SHA512
eebcbb357f622fc0a118fd85b205ba42dfb3a9a61fa759f7f0cb5ff81bef2846d739a1973d4900969ed6d8164e39b563c1c0ab864ef7b8169ae6677e43a29691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
140ddb5d51bda4dc578b0a3eabcf02b6

SHA1
fcfdfb8766906f89e73a7a2c6cab69212df73225

SHA256
95101cb1137865f1f13c2c44ff42f1d23ef2ed41776770bd55ec35c95412e9d5

SHA512
f769e84467abf87f1f7ea40970b6ba36c555e28decf2e36c409aaab23c6a8001d4f68b565b80cefbd2450712e0a7e72ef298dc4aaf31fa2e4ab8fb5f78d99a26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f5bc89643eb52e649d2483236686c2f0

SHA1
02af32582009a04b73162c5b71c5b41947a767b7

SHA256
f0fca7540e791089bced2390947f3f823af94b0692af6fa2f653e73e021b2519

SHA512
000d4e9b3f43498e70ed06ee8dc9db38913eb18684b90dea10787f373ac59bc3cc670762fcb9ed7324270b1e62eadd3c15f9ba6f135edf82ab14af169742ee03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9c4f0d75167f7cb037eacd2b1911a8f0

SHA1
27716488647c0b4a1ffd209a99af8294b708d1ee

SHA256
215a3c0f82c4cd186753a0e19f6f76c8b4b483fbd0c4a7299ee5924d9890b8d7

SHA512
3d404dc09b7d1edc822a064569d6515cf14134001fa9075ef3778ff1da9b94891e27f027d854294fd42dc0cc54f4f4f577320f9ba322ce5e12cafe70bf632523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8b525a9f127f7200663448bf92e97844

SHA1
83811b613271ef96f3009c67076bac99e7db95fa

SHA256
7d6a5d3493f0f42cb8922f297af93ceaa4113af80f2cd632e49e68280c553015

SHA512
7ff544fbe75ed7e1c05db6047dd9b19395632c600182eb0a485849538cda883d116a551640871911591fdb2304ebddaa43197f9c9bfb34c1b271cf76995cc0d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0889af63b015088e62a333bd3a8f4788

SHA1
c1673fef8e1ef94bc7b5c38b834729afda40ea6f

SHA256
040614ff59eb4d376c599f48cc55ae00f4c3d74e3f0e475f0f309fb2de5ecd78

SHA512
f424337409308f57e4a2435f857847d35d5664881ab755f367a5a8fffc2a527b5d1cd9abac38b56ea15800ebef42a74a50efac4b3ee0dda325906674da777522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2aa61c821313ba8648dac68d3ba305ca

SHA1
3e2feb168914bfb0c253dd8a391807990ca2cee2

SHA256
88548ef423b8d09d06a7eb67554257337077afd63a875b8aa7e8d5d0c1f9a2f2

SHA512
adc2a3f70349c04a046a2fb29f1273cfe17aed0f78b048596a1fa39aa8cf19188a254a48130c16939b0f8e5b30a83e9ae2a1083d0160128508ebb02bbd74e95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0e8f53f7-95ce-4730-8929-c01451f1ef6f\index-dir\the-real-index

Filesize
624B

MD5
1aa4c131b7e5b3fe811a13f581da21ff

SHA1
bd50809f07de50d91a0a5f401cc783e8f42243dc

SHA256
82da224cf31e3ff26322eef74e1c1720a1572c9699f1bdf3315a849f682d39b9

SHA512
985da8c8bbb596ef16a8c40a86e3053023589df216bc6a6996846b2cd61d1aba0c9c2b4f3908a4d411858b0304e098b11c6723d8f667f656f1c818194d5e1be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0e8f53f7-95ce-4730-8929-c01451f1ef6f\index-dir\the-real-index~RFe582dc2.TMP

Filesize
48B

MD5
0f38f0ac3d29fd2b6d1fdad484800ae2

SHA1
a861aecee74fead3f69c8e9949d6c52b4797272c

SHA256
921ed0318bfc20b72a32a4b3fab9f323210f8d350b62fd3cc7423aa2d22a949c

SHA512
9b0a6a09b419b356cc86279bb3db5d12023a0ca4f8381f45d870342eef205c3962676a4e07bf2e1161f770e797426536236cc83f08f30fdfea26dfc7276b97f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
7642ec8f177bb30aa4cdfc138eb41d86

SHA1
c9e198df533bdd131ea2bb9442e2e705084340da

SHA256
f47e42aefa87a559a16969fb28712877bbca78e821675cacc60c20e6b2319626

SHA512
46e4b8b0d572e41c0e368e5f331a953543e4039ad700701580baddd8189d441bcab1808b5d996f985ec908c7a751255cfe8c2beab532e7ef1177c0c6f9fd25bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
890ac11396dd955eb9357544d2942064

SHA1
9b35b5e194eaf6e249fca153c00ca33041b574a2

SHA256
25eeb0c7139d096d6425f4b68f0ed785c205256876acee17a2d9a0849633a2c2

SHA512
5bfb3c045738a3620359a8c5412669b74a1d6cca14174d2d65d763fb09e0881916cbfdfa56f81d08fca03fa98bdc38af16dc26f61a0103b2a7b6487266dc5e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57c40b.TMP

Filesize
120B

MD5
67ff31b659b26103c6d6c13a27015829

SHA1
11a152af483449bb68551019ef2db48e9ad397e0

SHA256
ca71e833528cc9d81b942a836823095ca60df2f064d846845db310efb2f67d4f

SHA512
216050e9a3d67cb3239ccbe3cadc93b58128ab960603f7f70470c5f53db7cb4ec745344d02fd122cca805a2ad5313a0756d3c5d4aff33892fad9f04509e7e89b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8b4709cb060671c4f2e40fe44d0031ec

SHA1
af2f70009d6b76e631d85fdb4ff85483ad20cedb

SHA256
a6c9669fa8b8551b674a4a8372012b86bc9195b2887b3c70558232eaa948b9dd

SHA512
6963b99c4d73f7e76f028a66d8896a187b9a64c1e96f60b9a5f7a6374e07ea0bae0f0bd83600c9eea43cb128bc267d2b3d14ae07ef2d6739dc94045ad9680410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581b43.TMP

Filesize
48B

MD5
21d43f9ccccc3d301f4c1f2b9753e285

SHA1
ebea7d91c83d592a02a88d70beb8b60b746f8e68

SHA256
f350f3674838a55eae665825c878512963e46fa2d3c6a4aa1bc87374dd041dea

SHA512
4969cbc83fd75542088692279a9d0052f57abc946fc5ee0d9387a631f9fe0bbe53c6d19e41d32804d6800dc47a71ee61f1bdf60c3266987947f7660f466d0b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
ad1a4c85fff5bcc9885f27c31862f2ec

SHA1
32d3d31c7b47d9e43043fc1fbbb4481b439eb357

SHA256
e1a369da32af606b39f8d93518df98ff3c4daefc6b069312d176416a2f11f39c

SHA512
988732de316682108ef4af086e577aa20824a8b3d989adb6907bc902d8d23aa1afae5f2a1efd26227a58cfe9243506e2d3a7d4ca13cd89046aa6917ef9fdfee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
581b5a13bcee15f65fb82cd07d6e8c3b

SHA1
4d9aa0813e3437d74228dbfec53288a5d13fdd58

SHA256
3179e54cc47efaa5e5f29f56d7ce550468b8e8716e1835eda26a5245c4325bfd

SHA512
77f1bb1e46ebc49b595a9e1ea9f13baf0a4e9ac635bf6fea34c6318adce0abd94cde14823ab680f2847348b085af6f951f0a31bc06be5bf2725c52293d0e17f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
529f33f3d983949789fad2d79774943b

SHA1
1bc8c47c1901a52da5a4c0a0aa987e297fa0e1bb

SHA256
507e4370d0420e33ad57d030b2ec21b6d57fa2ed7e061ccca1d707e4b32a95e4

SHA512
e206c83e3c6d5a5e145e1d0c7308bfbfb41320941934deed44eaf27a53f43c5832e93b740353988ed7e27a7110d1d1fd17c2538919f72728a771f1a080e93634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
532d7c5ed9e469be6323b4ce07695a8d

SHA1
d04ae5191b4dc03e476523a4fe03dbdb2be87f9c

SHA256
ca1eb184e6d0f9a07e8a41b47af32a6919653000a9118dffdf59f15ce744ab52

SHA512
25e293a81b07d863afe044161b54630df953a915e3f3b3e5338bb70522503eeb96cc1e760c3551f703433082d592b3ecd8222802e58f75337ddfd8bf64f5130c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588b82.TMP

Filesize
102KB

MD5
8fe4b62b434e56f2e81bb54414a50820

SHA1
73736bc501887aa13c2b5c39b1fe4800e4f0e931

SHA256
22e7dd04590cd5cb464e306765bfe17049fe44d24aa80c0faeabb17f75f558d8

SHA512
1fe9f3ed651fa0d700ae67e590e86981491881c7362a0fbbd61925433d0f2309f0fd562f2091b902e91f655cce89e2f368581aa09a6f4a808e95a56d7711fcf8

Download Submit