hxxp://edgedl[.]me[.]gvt1[.]com/edgedl/release2/update2/ad2euzfgyfswfjzdrw4y2cqdjkpa_1[.]3[.]36[.]212/GoogleUpdateSetup[.]exe

Analysis

max time kernel
20s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2023 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://edgedl.me.gvt1.com/edgedl/release2/update2/ad2euzfgyfswfjzdrw4y2cqdjkpa_1.3.36.212/GoogleUpdateSetup.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133277720494670091"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
4880	firefox.exe
4880	firefox.exe
4880	firefox.exe
4880	firefox.exe
2256	chrome.exe
2256	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
4880	firefox.exe
4880	firefox.exe
4880	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4880	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 3228	2256	chrome.exe	88
PID 2256 wrote to memory of 3228	2256	chrome.exe	88
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 4420	2256	chrome.exe	89
PID 2256 wrote to memory of 2812	2256	chrome.exe	90
PID 2256 wrote to memory of 2812	2256	chrome.exe	90
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91
PID 2256 wrote to memory of 704	2256	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://edgedl.me.gvt1.com/edgedl/release2/update2/ad2euzfgyfswfjzdrw4y2cqdjkpa_1.3.36.212/GoogleUpdateSetup.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe48c9758,0x7fffe48c9768,0x7fffe48c9778
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4884 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4936 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5068 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5388 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5408 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5524 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5784 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5880 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5608 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3256 --field-trial-handle=1844,i,14001528285356400384,7550007213766116763,131072 /prefetch:8
  2⤵
  PID:5612
- C:\Users\Admin\Downloads\GoogleUpdateSetup.exe
  "C:\Users\Admin\Downloads\GoogleUpdateSetup.exe"
  2⤵
  PID:5524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2992
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4880.0.1022869379\1851730647" -parentBuildID 20221007134813 -prefsHandle 1840 -prefMapHandle 1832 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55e3a689-17af-4e1d-80ae-b14c9c872f3c} 4880 "\\.\pipe\gecko-crash-server-pipe.4880" 1932 2aa4adec258 gpu
    3⤵
    PID:664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4880.1.647779535\1404878247" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cfd28e5-0028-45c7-b435-92a812f9941b} 4880 "\\.\pipe\gecko-crash-server-pipe.4880" 2332 2aa3de72b58 socket
    3⤵
    PID:1540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4880.2.2077825252\128515971" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3068 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edb98866-e4ca-416f-8f6a-a04435f89838} 4880 "\\.\pipe\gecko-crash-server-pipe.4880" 3044 2aa4eae5e58 tab
    3⤵
    PID:1140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4880.3.912099989\1847710251" -childID 2 -isForBrowser -prefsHandle 1636 -prefMapHandle 3408 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72f17984-4b32-4ff7-add1-328517497d16} 4880 "\\.\pipe\gecko-crash-server-pipe.4880" 3392 2aa4ebc3d58 tab
    3⤵
    PID:4828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4880.5.1155490917\1257464929" -childID 4 -isForBrowser -prefsHandle 3776 -prefMapHandle 3348 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e25856e-a37d-4a35-b193-3e1d722ec108} 4880 "\\.\pipe\gecko-crash-server-pipe.4880" 3772 2aa4ed52458 tab
    3⤵
    PID:1272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4880.4.1712376781\1037795136" -childID 3 -isForBrowser -prefsHandle 3560 -prefMapHandle 3564 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaa882c8-908f-4312-871c-23065e8090d5} 4880 "\\.\pipe\gecko-crash-server-pipe.4880" 3224 2aa4ebc4358 tab
    3⤵
    PID:2716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
161KB

MD5
d0689623f131fcb540b6b70ff1c8b55a

SHA1
50726cae90a7d1cd36246d1d929a2ab77a785de6

SHA256
345aa90fb35c263b36c1fbe3dbe0d4151029eb80bebb0b759b5344960e950883

SHA512
e7ba0546266d2e798912cae355aad65b73fa8c108349ea73074700701e55617c46a49edf531e2424a98aee1d85ce340ce94def0b121eaa191c0e510074fe58c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
36KB

MD5
48d1410a1cfc5bc7a0d2f1ce2b8b3a7e

SHA1
515c5afeb822f734b8a7aabf281dffc1c07deaed

SHA256
5102ad681f5a4e2a2bc352d8dcaa164b5f1071a56d1b615b3c00c155c4fe4217

SHA512
006646d53eaa25ada311c447f271052398cbf30ea5325a6760e1fcdf8547a0eca40cf721f16772ecbf1f81381507e67b8eefbb996b47eab809fee7789160a086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
5a352d3234bad0d426cdcd83d16bc417

SHA1
51313c07d322c469be0deed2a45e994bed6acf3e

SHA256
4c3e5b727a3382f89224ae0bf7d32ba6a052565b26b1881e30e8871f6cf3cf3f

SHA512
e1f439453b47499e12e5154fb3e078e00ec1a1ad8435913d70705a76eae27fb49e9e36896ae5f6d01953d322869cd9517a35f878e1591892b8648d0c7402d1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6ea25d3d390b44dbf7dc8a7a6bdda4f2

SHA1
5f52ce9d11b140e65b4c4e1f1b19a4400dc63900

SHA256
ee0cfd67d7d355c13970c2b4f839cf7efcdb184a7c387f50f5eb9ba635290897

SHA512
4c8e1f2acae36d27ac2e0854be1aab70a9d9fb15c2e0e5be0eaea608e56adce38727a819d090bd99efde30d2dae68d3a7b548a5a871e6f6497e5df52b534d374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2f3bdff21c10eea70bedbc906a89c3c5

SHA1
fb6de1e8468a0a3a3ba8888ab6e1a61f566cbce3

SHA256
337c127498def248b073c53426d7f285aee0a6e41fdc87b470047582778011bc

SHA512
71a2dd71beaa2b3d7dd181d3f2db3b5766bfa254ef047490e50e4bada98a1c0b90f8054d6eb1c1211ab9e67c86eeb318708ea9a06ad3b1f09663ff1a8c33a285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
21a690406129cccda2ffcf1cfe426fd9

SHA1
169b8b628d196c5c3e54f84e7923a3ae0594ed94

SHA256
ae4fd55fb563c68755cceb37dec248f9f4fc48d92a931b035c0539d580ebdc64

SHA512
6c4eaddccde5e2f6e9b963a6d34f89ed57af50ce22f84c6c1a308205c20fbb180a6703934b66114338bc0d49b47f5c52a7fce5cc1b41ce60e65c426163de3e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
ff319df7d3000761ca3b5d393f9980a4

SHA1
ac6a8b45528492f07a2a9fdecbbdc87d399e67ce

SHA256
946d2498fe721a85fbdf90ae5be000c5e5d0e5fbccb3396e31737ae77c535da3

SHA512
35c2be2435c0e5408682d4d4a5fdf70d1d9782f4dbaed67cc953eb509e4c0747861f6682f8dbf459f0278460d970a4effa5ef2773d7829c432a31e011f8215fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
6b5684e209ab6fd0ff2ac600f154e487

SHA1
c06f77aab48e2152dc7de1df94ecfad1db186847

SHA256
d0ded3784b9a61142a0941caa8527a45561ac5368a30ed3bf8e60038105b0a01

SHA512
760580af3e6ef7a837c7e5c592eea5930dc2c63ba82a04a5e27c3d64e94c9e934a5370ee397643f2025200d07ec75f3a9aa07426583b796844f702c6624cf8b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
91d5e6016b70a404136e878eb7a1e928

SHA1
2684727b921a8ba74b7c4b475f211855b426c6f0

SHA256
7db855bbe6dd475d7d090b56e3332c14c2547b751c07847f77509b4459124f5c

SHA512
1ca16bd27c2d68cd5f1dac80e80fa79603f5a7cbcb9b491bfd5c50552656abf0e2be64356c3b72f274ba1d42a035e8a331fb16df7d26e217b24e1557822038c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
15de1e8758ca720b9a453339694a70b4

SHA1
d4c6d5e236a1ebf6fc2a153ce244dedda549ba7b

SHA256
6b4436e51a52fc9ba5d60a871a3b3e17abadc0ceff25e00f3650e7d827732d47

SHA512
8dabc96d0df64c7daabab222d96e2862afd9ae7c52da0f87cebc7d371c0e31cb24f69e558505bd19c3d1cc3c44ae25237b2b99b48a9bd11c6cb67e724d2877c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
701410ac8004ca24f132857792d33528

SHA1
28ccfab938ac49755b14de087654fa76951e2d44

SHA256
0944aa87d21a5f85a38e240f076be5bd21403a8e4aad02d5c6afb99e56fe30f7

SHA512
9e39fde9ef1efabf5ec0115f7f1cb6019b98c8f89d601b29f0cb5174a3f12d8c665e6bc24ee6ef77eccfa99629debee52fae612268c264769354425f7dc2f19b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js

Filesize
6KB

MD5
f73e52d124620d05267ba934f3b312d3

SHA1
34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

SHA256
fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

SHA512
4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
271B

MD5
b8e3d7365fdb733fe7e787a6178c0135

SHA1
057d12a7db7ea5f244f1f41a6c6d727530dc2d9c

SHA256
64459a6d9bfe5535cbe7157e3049c1f63c4984bf9363f3ddb8054efe73caf7c0

SHA512
cc7a322dfea0fb49ddece2aaa9802887131b83f9434099c0e4be6ea6cdfc566a9c17cc0975c8e2008ed8680413f4c30bf99d3058a9e1ac800ca91b1615e2be91

Download Submit
C:\Users\Admin\Downloads\GoogleUpdateSetup.exe

Filesize
1.3MB

MD5
2f988de40b4e6c069f4ab4f95d52dcc8

SHA1
a416abb9a9b5d35b1e4a1b0a850d4ea7bbf884d5

SHA256
a097fdeef2f869116ddbb4821578e66f5dd606ce4bb41ade58d46668603f0052

SHA512
00535f0dc4db445370527414e7e5f17f16586776e4925955af7d92ca1ab9784db968f173925844b0456bacda2e0edca9266d0d9bf5279eb3be23c28f7329acec

Download Submit
C:\Users\Admin\Downloads\GoogleUpdateSetup.exe

Filesize
1.3MB

MD5
2f988de40b4e6c069f4ab4f95d52dcc8

SHA1
a416abb9a9b5d35b1e4a1b0a850d4ea7bbf884d5

SHA256
a097fdeef2f869116ddbb4821578e66f5dd606ce4bb41ade58d46668603f0052

SHA512
00535f0dc4db445370527414e7e5f17f16586776e4925955af7d92ca1ab9784db968f173925844b0456bacda2e0edca9266d0d9bf5279eb3be23c28f7329acec

Download Submit
C:\Users\Admin\Downloads\GoogleUpdateSetup.exe

Filesize
1.3MB

MD5
2f988de40b4e6c069f4ab4f95d52dcc8

SHA1
a416abb9a9b5d35b1e4a1b0a850d4ea7bbf884d5

SHA256
a097fdeef2f869116ddbb4821578e66f5dd606ce4bb41ade58d46668603f0052

SHA512
00535f0dc4db445370527414e7e5f17f16586776e4925955af7d92ca1ab9784db968f173925844b0456bacda2e0edca9266d0d9bf5279eb3be23c28f7329acec

Download Submit