hxxps://my[.]dealersocket[.]com/emailtrack/track/track?siteId=19&sentId=51150&entityId=607895&emailType=doc&redirectLink=https%3A%2F%2Fartecojugueteria[.]com%2Fnew%2Fauth%2F/dqinon%2F%2F%2F%2Fken[.]haase@pcg[.]com

Analysis

max time kernel
149s
max time network
145s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
16/03/2023, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://my.dealersocket.com/emailtrack/track/track?siteId=19&sentId=51150&entityId=607895&emailType=doc&redirectLink=https%3A%2F%2Fartecojugueteria.com%2Fnew%2Fauth%2F/dqinon%2F%2F%2F%[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133234659196427093"	chrome.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell\open\command\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --single-argument %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\chrome.exe	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell\open	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2580	chrome.exe
2580	chrome.exe
4316	chrome.exe
4316	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeCreatePagefilePrivilege	2580	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
5108	OpenWith.exe
5108	OpenWith.exe
5108	OpenWith.exe
5108	OpenWith.exe
5108	OpenWith.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 3188	2580	chrome.exe	66
PID 2580 wrote to memory of 3188	2580	chrome.exe	66
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 2948	2580	chrome.exe	68
PID 2580 wrote to memory of 4652	2580	chrome.exe	69
PID 2580 wrote to memory of 4652	2580	chrome.exe	69
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70
PID 2580 wrote to memory of 1336	2580	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://my.dealersocket.com/emailtrack/track/track?siteId=19&sentId=51150&entityId=607895&emailType=doc&redirectLink=https%3A%2F%2Fartecojugueteria.com%2Fnew%2Fauth%2F/dqinon%2F%2F%2F%[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xac,0xd8,0x7ffe31749758,0x7ffe31749768,0x7ffe31749778
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1964 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3188 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3768 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4772 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3280 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5572 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4560 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4240 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5140 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5692 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:8
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4540 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5528 --field-trial-handle=1728,i,14248807821556117342,2438893408571963237,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1600

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument mailto:[email protected]
  2⤵
  PID:1760
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xa8,0xac,0x7ffe31749758,0x7ffe31749768,0x7ffe31749778
    3⤵
    PID:2028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4196

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\93dda50f-0df7-4af4-8d00-c4d7d2fc743b.tmp

Filesize
107KB

MD5
eea2d8b392c0a7e49b7ea1d3889d7c0a

SHA1
29d45745de490cbb560a3743708921fa5ea05d37

SHA256
aaf025554a93bbe6b81defda9c1d1a593ff6a36b4bc367e8fc65fe5d863e3eff

SHA512
906c7800de6237746eee509d0ba9bfb6e4d605f5edc8ff47eb5bcae1e80dc492ea44997e4c7a9984dede2a091a53cc1ab0a033ae99e1bf2e8711c63fc9470121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7e05068d2412c7db92e0ec5ceaa5be49

SHA1
519794651b8752f75dcd408959b820d173cb0335

SHA256
7a999f68ac61774dab7ae808c82213102ecaa7e9f0e597d8e6c5b576e6551872

SHA512
aed839b570defcf59e8c598ad5dae410e2c6c75bfb236e5263b6e40f7c1f119a52972d07fe888995508f6d43ae65d21dedd28fb9b4a1e0373405c5d09a3d6997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
caeba2bd507e4d2b0469a5e48655f33e

SHA1
68e11dfbc47f5753db01cc437eed7b8b1a11c033

SHA256
6205aef49c11f3ba684c70d3e24239cc1e9ed5d25c8c3147d07b48639ec147ef

SHA512
234660973639e297c9564fb9fc1a46fc3f2eb1b3a746caf2047a661e81bacde6e835f80964f70aad513671cc6b3eae166a0e6e562efdd2f0de4a1f87d7e03098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0692f850222f1f40a3b2d7b55d50108b

SHA1
0eace0a2624af7cf5ec633c58e1741495ca4a83d

SHA256
6295e6502ba263dc55ff7a86151e9cb5341cddee6e474a563f99eba32587b190

SHA512
8e753ac247909bb3abfd956a307f5746af8d9130a0bd945aa63480bd988c96391401a12fa5851a4c32a3ac88b271876aa964f0c8fcd5a398053ba3f4fc139840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
60adf9f1470e17b2c225de045f08fd1f

SHA1
95c25cb5d91936703eb74b67c30ac003c5037f7d

SHA256
c7e02d462fe0de095dc49faa0ca55f598e4c7c003f0303b05b208ee1ddfb4150

SHA512
64d742160854358168e58f38b66776b410ef4742194c6c215cba32a7a83e54e33d5cba67979361777f824c121159ea0f3a8f771d418cf2720f97e17c1d5fc55e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
90feafd72f23f831b3d02debd8902ec9

SHA1
3dfe877330b814314d58ec78c7cb435998385a69

SHA256
4792bbc4d0c86c4561446b1a9311383fcf7024af0b6a1f72a0ead0ad698c4d06

SHA512
0f3c1338888c8f4dc4d60ba8e13aed18b4ee84b4dc8142cba4c4493ec0b107c998bbf561196a16da03654bf4fe67b05ab33feb84e47c77446e091826bc56320a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c564ada9bd7f8e95b90f24c97be21baa

SHA1
af80df9894b3dc211b213963e7bd9d9898743e7d

SHA256
a04597bd3ccdd830162c407daafbfc579d947b95536455c4d49c0c859be4d9d9

SHA512
fb79046f0b1550c0769f35e701d92179c40cc655ffe765b9a48c3b0ec464cf893d84d93db5bb9e98367fc915210686b8d92cb0132e88ced9f54e02f373f90d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ca177f58e77abd6343366ebdb1224a04

SHA1
54bdfb08efbd80a95a8a4ee2b6391c05a71ffa4e

SHA256
4ef29a9a46b6053628efa3d3c111848f00ca706e4ef828dd7a2f4279b9abac04

SHA512
fc0c1a27c42476986e8b630262a6deca0e67d647467adbe220a3cc53de47005fb6adccc8bc0c50fda379e4a22ba9c6b9a78c53c3aa5f4292d0af7e02dbcc07f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b9b70f145c86e16144f681ec7034ea9b

SHA1
078329fc569adb58be1f0f52cd5094333c3ead16

SHA256
971f222ff089a517dde98f35b02edca633c8d8f503e07591ee53161af988c6a1

SHA512
4c7ecff072ed7f1331739f1c789ad4b750b568fd076173cffe4b600ca95d6707618c15848485d090747e0c145e6a544cf267ba3767275ecb953ac186591076f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9a574f1948c0372e87fb91f572595c2b

SHA1
e7c1756ce561b4677f280f402f97132cb3436b26

SHA256
fccc38dc9cfcf113ec185da5407663334568b0adf481dda65f279106630a27f5

SHA512
ae9e9b8239c83ea75356355fc23d068a4b95991e228307e3db788ddd59a202dc34f168f159642139658b5e0be8e265b171cae0870f2fb102e2aeb0b03c63808a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
a6775af6ce21a62703e55df77d779746

SHA1
20d93b79315ccf875aa2b87e4adfb3942abc9e77

SHA256
25b88ed257eade84931d85cd2fd7fbce9df0af90ad37e390e0f2077cae162aa7

SHA512
077c633f3b0e8bb2282737598be04c18136031a319468c61feacbc8589273e3c6372f70ad97ac90eb93652046332390b731e7d4c8f389e07d93d3f98143e17d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
059cfd982b9a8236f6203124563abdda

SHA1
d01e0add537747b0c8bece0934b28999e1f3f3f7

SHA256
70d99d444cd370752b1ec7c1bd68bcece0836eab0dbc5e6f5f4d4968fee9d68f

SHA512
1dfeb8f04d7e8559c630b41973b61b12a0d4cf32df273b3fbd753f97c81c8780889cd4df4bc7843642b07832f3e3512974b15f81550f44b1c0232312b3ac73f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
32dd02deb77e4d60c6e7cc42555c3b60

SHA1
6a62f693a685460ca97022afa3e1e302f19f147e

SHA256
d11bf35d4f29f78e9d7ca01098d76c109c048af48d8760c205e1a911c383b3fa

SHA512
5cd27f7405ac0f894da8f2a6c7832e7c5f66662e30e4d2af004ee9d4793a8e6cf4aa543eff7ea7ebbf11c92d06ef55474a54796afffd77fa37c1e313c534242d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
02b960336fe62f213d08b3c1200e5eff

SHA1
4a48ca671605fec877c97b016ad53b62e7c3c7ec

SHA256
c25507e8e97028a64fe2910802a9c44fac929c21bd9f43b5be2c47dfc0416200

SHA512
b6a19b223ad4225a0f0d4ada3f7f5753082e58dc6d24eee522eb7a6023e32914bcccf563bdca5bf51ce4bb4bf965dcab2c28afc96fb74fec6bb71808d1d529c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe578b38.TMP

Filesize
98KB

MD5
67a08903bc41bf56f0c4c370004c62cb

SHA1
4b39f24efcb9e4525eff72c05c03c29344a89cf1

SHA256
38ae7a12909d80641d2c1caacbc59d4860389d1895702f2e6b799185c6f6f954

SHA512
f310c47bb9024864dc2266b022cde3452bca1fad47aee6508467f526ab34bbee749f9fe90b08bf3222d837deaec32c1b887783dafb2587fe4cd953a0fbcdea0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit