hxxps://v3[.]playerlatino[.]live/stream/m3u8/531

Analysis

max time kernel
225s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2023, 18:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://v3.playerlatino.live/stream/m3u8/531

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133314151341335758"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4300	vlc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4300	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4060	OpenWith.exe
4300	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 3192	2120	chrome.exe	86
PID 2120 wrote to memory of 3192	2120	chrome.exe	86
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 1504	2120	chrome.exe	87
PID 2120 wrote to memory of 3388	2120	chrome.exe	88
PID 2120 wrote to memory of 3388	2120	chrome.exe	88
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89
PID 2120 wrote to memory of 1388	2120	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://v3.playerlatino.live/stream/m3u8/531
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce8969758,0x7ffce8969768,0x7ffce8969778
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5308 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5260 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5308 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5496 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1672 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5528 --field-trial-handle=1812,i,10846035843898945709,6655521489048404329,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:216

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4060
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\531"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4300

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6e9cbd260a666fbac1b69a2c07afe83d

SHA1
fac0e84a36bd161d5ee6fab631d531da6ed0406a

SHA256
396d33d4e7ec4f3cf8a8aa8e5f3516ffca95930598bd8ef90cfbf0d6bb7af149

SHA512
fe0075970d6450fd08fd329eacce00cbfcbf1f3a6e7187e1213ebe740d897b5334c1f8d90b508a4d8247a14e435378d3738971c705df7241dd35e18f371ba526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5d6ed60a99f8f8f4b4bd37851f5e66c4

SHA1
832f3283036117f5c5d11f66dbcd6a9fb4c363ac

SHA256
29bddbda6a4d8f686fbb08d8b011fdca26de4b3fa3aa6b91fc94b0492ecd771d

SHA512
391217dbb28c19a8eaec1af4bcae7f648ad81ec7a39bd01d67c48330ec36aeb5d0d6a807589f9c9140f078bbbb7f8fb61212693551c387ccc98a9a721bc8094e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fd0497b38e48a40f17ed2b712b4028b0

SHA1
b19d0f4de03895437745662428002bd1f0c34f51

SHA256
3a36390a6b806f11c9f7575d8b4f0364ee3106bf693d6edde32688e26fbccf3f

SHA512
c1bc08c1e6724aed44dcbfe0f526ec54de0ed903fb447a3c9b5f7efb9de1e7d119b45bd3e3ca11efa741b2206df5d51aff0bfc694a4a755c9f60043759353300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ae789f6d16c9aeaacc63b74f5e69d415

SHA1
afa3a624c6d9bce1f407bc16e7ff3462495f495c

SHA256
c29f0a66b038210f20cf313961e741c799af77f3e5b7bf00ed31571bc84228d3

SHA512
07c08f18c6a4203a8c7b5d88a190131b1da0341a26ef903a34bcaaa493cf7fdd0c3a24385093b74f11445f0e11054dd25eb82104f190a79b64fa5d3e81bf6d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
5a80fc73a1af8578b1a4ec9426e2d947

SHA1
3f68cceb044e4987b7bff723080bad29ae01be52

SHA256
8d571cfc28b9734e2645691d18bd44b62ca274b3faa313c2329e53b2a7b9a0a9

SHA512
b82ba39bfbba40ce3b8bf381aff381b601a29852c65d0d7ca9a616e556b79d65bcff5af95827fa24c698ddb83cebc237b67a6d604fde31b78b001e131069371e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
a2ac8a8332531be6daaec9e233fa44bc

SHA1
8578b8cec98eeda19eabddb7c14890384b8a8385

SHA256
320232a9a6969c9e567bb3bdf2f8221c2f6440abb624dc7c6488d7999caae6e6

SHA512
4d37bd66bf7061d30efe7f5674b8133eaa5e176062a98e5977b2db2ea8d33206723d42da6910a073f29a4ff6205b84c68ed41962d40ac3e3334a19230806f669

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
15865fab4975cad533cf05b790e414f0

SHA1
b877119cc2f80cccc9117e271821d346ab3f7519

SHA256
fb799084d2077c88841692879340e673d5098ca331f95ddadd1ad42b5870dfc3

SHA512
746fdafb711c46439f9da12118f49f6bc7a3408e5aba491b42c05356ad15e18c9dc6421ffb7ee236d8830ddf24da7a99fae3f1a5b3c784ca3b262b0f72ea5088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe577a60.TMP

Filesize
102KB

MD5
d24108c4636e413305e5240bd962bdb4

SHA1
b24a1c4e0eb118807b915cff5c30adb16e4681ec

SHA256
654beb7fa5487d84a3adc369891fdd558015394b287d77eb5f8d03098dca8c3d

SHA512
a7ea4b8237592f0a9d6e02adc73d08a22aedbc349512b5c6778230649390ce6cdb82839bdcf103870cec5645c545f0487e674cfe6e75bdf2318a652417fe149d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2120_1521705295\8296f28d-0a69-4fb4-ba8c-002cf1749a56.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2120_1521705295\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
66B

MD5
7ac2c03aa69d9d38d79c4b3da7af7893

SHA1
e4de366d9255e1a40a933ae96fc46543aaf1ae41

SHA256
ee1bf64b10c4a8846123fd4fa73276d13f963ef5acb26d30b099e6fe8002beda

SHA512
9e7fc5fd7c5d1214bdfb5c1a9585eaf6de181c2987294877a934ab59ba75f7d89b710757408ca2c4cc64ab01c7090f61094524f183bd961c12a4461e9992d700

Download Submit
C:\Users\Admin\Downloads\531

Filesize
1KB

MD5
828ec13dc80ff3ff8ecb7c71eb33e612

SHA1
46e747402188ee068fd71802ac4e182f54a219f2

SHA256
8dec8be2b2f1d48fcd8ee738b30ab290ad8a0eca95ff0f4465609d9d4440bd70

SHA512
228c247b49c6a383adca85ba6278cc7a8f124d137fd405536a1bb11a2bcab3f06239fc536dccb18d31364c7ff86e93f9966aa4de169956a5465830f2d8169c6d

Download Submit
memory/4300-617-0x00007FFCE3460000-0x00007FFCE3471000-memory.dmp

Filesize
68KB

Download
memory/4300-626-0x00007FFCE3240000-0x00007FFCE3268000-memory.dmp

Filesize
160KB

Download
memory/4300-606-0x00007FFCE43E0000-0x00007FFCE43F7000-memory.dmp

Filesize
92KB

Download
memory/4300-607-0x00007FFCE3790000-0x00007FFCE37A1000-memory.dmp

Filesize
68KB

Download
memory/4300-608-0x00007FFCE3770000-0x00007FFCE378D000-memory.dmp

Filesize
116KB

Download
memory/4300-605-0x00007FFCE4400000-0x00007FFCE4411000-memory.dmp

Filesize
68KB

Download
memory/4300-609-0x00007FFCE3750000-0x00007FFCE3761000-memory.dmp

Filesize
68KB

Download
memory/4300-610-0x00007FFCE3550000-0x00007FFCE3750000-memory.dmp

Filesize
2.0MB

Download
memory/4300-611-0x00007FFCE3510000-0x00007FFCE354F000-memory.dmp

Filesize
252KB

Download
memory/4300-612-0x00007FFCE1EA0000-0x00007FFCE2F4B000-memory.dmp

Filesize
16.7MB

Download
memory/4300-613-0x00007FFCE34E0000-0x00007FFCE3501000-memory.dmp

Filesize
132KB

Download
memory/4300-615-0x00007FFCE34A0000-0x00007FFCE34B1000-memory.dmp

Filesize
68KB

Download
memory/4300-614-0x00007FFCE34C0000-0x00007FFCE34D8000-memory.dmp

Filesize
96KB

Download
memory/4300-618-0x00007FFCE3440000-0x00007FFCE345B000-memory.dmp

Filesize
108KB

Download
memory/4300-603-0x00007FFCE4560000-0x00007FFCE4578000-memory.dmp

Filesize
96KB

Download
memory/4300-619-0x00007FFCE3420000-0x00007FFCE3431000-memory.dmp

Filesize
68KB

Download
memory/4300-616-0x00007FFCE3480000-0x00007FFCE3491000-memory.dmp

Filesize
68KB

Download
memory/4300-620-0x00007FFCE3400000-0x00007FFCE3418000-memory.dmp

Filesize
96KB

Download
memory/4300-621-0x00007FFCE33D0000-0x00007FFCE3400000-memory.dmp

Filesize
192KB

Download
memory/4300-622-0x00007FFCE3360000-0x00007FFCE33C7000-memory.dmp

Filesize
412KB

Download
memory/4300-623-0x00007FFCE32F0000-0x00007FFCE335F000-memory.dmp

Filesize
444KB

Download
memory/4300-624-0x00007FFCE32D0000-0x00007FFCE32E1000-memory.dmp

Filesize
68KB

Download
memory/4300-625-0x00007FFCE3270000-0x00007FFCE32C6000-memory.dmp

Filesize
344KB

Download
memory/4300-604-0x00007FFCE4540000-0x00007FFCE4557000-memory.dmp

Filesize
92KB

Download
memory/4300-627-0x00007FFCE3210000-0x00007FFCE3234000-memory.dmp

Filesize
144KB

Download
memory/4300-633-0x00007FFCE3160000-0x00007FFCE3173000-memory.dmp

Filesize
76KB

Download
memory/4300-634-0x00007FFCE3000000-0x00007FFCE3012000-memory.dmp

Filesize
72KB

Download
memory/4300-632-0x00007FFCE1E70000-0x00007FFCE1E91000-memory.dmp

Filesize
132KB

Download
memory/4300-631-0x00007FFCE3180000-0x00007FFCE3192000-memory.dmp

Filesize
72KB

Download
memory/4300-630-0x00007FFCE31A0000-0x00007FFCE31B1000-memory.dmp

Filesize
68KB

Download
memory/4300-629-0x00007FFCE31C0000-0x00007FFCE31E3000-memory.dmp

Filesize
140KB

Download
memory/4300-628-0x00007FFCE31F0000-0x00007FFCE3207000-memory.dmp

Filesize
92KB

Download
memory/4300-636-0x00007FFCE1D00000-0x00007FFCE1D2C000-memory.dmp

Filesize
176KB

Download
memory/4300-635-0x00007FFCE1D30000-0x00007FFCE1E6B000-memory.dmp

Filesize
1.2MB

Download
memory/4300-637-0x00007FFCE0C20000-0x00007FFCE0DD2000-memory.dmp

Filesize
1.7MB

Download
memory/4300-638-0x00007FFCE0BC0000-0x00007FFCE0C1C000-memory.dmp

Filesize
368KB

Download
memory/4300-639-0x00007FFCE1CE0000-0x00007FFCE1CF1000-memory.dmp

Filesize
68KB

Download
memory/4300-640-0x00007FFCE0990000-0x00007FFCE0A27000-memory.dmp

Filesize
604KB

Download
memory/4300-641-0x00007FFCE1CC0000-0x00007FFCE1CD2000-memory.dmp

Filesize
72KB

Download
memory/4300-642-0x00007FFCE0510000-0x00007FFCE0741000-memory.dmp

Filesize
2.2MB

Download
memory/4300-643-0x00007FFCE0810000-0x00007FFCE0988000-memory.dmp

Filesize
1.5MB

Download
memory/4300-644-0x00007FFCE0470000-0x00007FFCE050F000-memory.dmp

Filesize
636KB

Download
memory/4300-645-0x00007FFCE1AB0000-0x00007FFCE1AC7000-memory.dmp

Filesize
92KB

Download
memory/4300-658-0x00007FFCE1EA0000-0x00007FFCE2F4B000-memory.dmp

Filesize
16.7MB

Download
memory/4300-602-0x00007FFCE37B0000-0x00007FFCE3A64000-memory.dmp

Filesize
2.7MB

Download
memory/4300-601-0x00007FFCE3A70000-0x00007FFCE3AA4000-memory.dmp

Filesize
208KB

Download
memory/4300-600-0x00007FF7A8B70000-0x00007FF7A8C68000-memory.dmp

Filesize
992KB

Download