Malware Analysis Report

2025-01-19 04:31

Sample ID 240814-x3b1xazbqf
Target https://santa22.site/
Tags: microsoft, discovery, phishing
Score: 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 6/10

Threat Level: Shows suspicious behavior

The sample https://santa22.site/ was found to show suspicious behavior.

Malicious Activity Summary

Tags: microsoft, discovery, phishing

Looks up external IP address via web service

Drops file in System32 directory

Detected potential entity reuse from brand microsoft.

Browser Information Discovery

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-14 19:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-14 19:22

Reported: 2024-08-14 19:27

Platform: win10v2004-20240802-en

Max time kernel: 299s

Max time network: 275s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://santa22.site/

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Detected potential entity reuse from brand microsoft.

Tags: phishing, microsoft

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

Tags: discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681369526987035" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2888 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2888 wrote to memory of 4524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2888 wrote to memory of 3132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2888 wrote to memory of 3704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://santa22.site/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff82fbfcc40,0x7ff82fbfcc4c,0x7ff82fbfcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1732 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4344,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3384,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3356 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4456,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1032 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 santa22.site udp
US 69.164.203.87:443 santa22.site tcp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 170.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 87.203.164.69.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 adglznybo8.dooptedall.tech udp
GB 153.92.211.107:443 adglznybo8.dooptedall.tech tcp
GB 153.92.211.107:443 adglznybo8.dooptedall.tech tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 107.211.92.153.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 227.74.250.142.in-addr.arpa udp
GB 153.92.211.107:443 adglznybo8.dooptedall.tech tcp
GB 153.92.211.107:443 adglznybo8.dooptedall.tech tcp
GB 153.92.211.107:443 adglznybo8.dooptedall.tech tcp
GB 153.92.211.107:443 adglznybo8.dooptedall.tech tcp
GB 153.92.211.107:443 adglznybo8.dooptedall.tech tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 142.250.179.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 106.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 205.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

\??\pipe\crashpad_2888_SXCFXZDFBBULOSFK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 4f7f2db165af8ef81092f4b69714b35f
SHA1 1355e6359fd246ff51d07e06dfc41e4519d00dfd
SHA256 f3c4342853dd14a29f50d9da5a012260e64859841a1459ee2021b202f360b199