Resubmissions
29/12/2022, 00:57
221229-bbcx8sca96 829/12/2022, 00:51
221229-a7zw7sfb5z 829/12/2022, 00:46
221229-a4x87sfb5x 8Analysis
-
max time kernel
287s -
max time network
302s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
29/12/2022, 00:51
General
-
Target
SKlauncher 3.0.exe
-
Size
1.2MB
-
MD5
32c7e3347f8e532e675d154eb07f4ccf
-
SHA1
5ca004745e2cdab497a7d6ef29c7efb25dc4046d
-
SHA256
107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b
-
SHA512
c82f3a01719f30cbb876a1395fda713ddba07b570bc188515b1b705e54e15a7cca5f71f741d51763f63aa5f40e00df06f63b341ed4db6b1be87b3ee59460dbe2
-
SSDEEP
24576:Dh199z42ojP6a7HJlF9eu5XFQZSIZeNGdmEE8H17UBcegl:R9zbgH3euNFQZr/oEE892cfl
Malware Config
Signatures
-
Blocklisted process makes network request 3 IoCs
-
Downloads MZ/PE file
-
Loads dropped DLL 1 IoCs
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 13 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies Internet Explorer settings 1 TTPs 50 IoCs
-
Modifies data under HKEY_USERS 46 IoCs
-
Modifies registry class 35 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe"C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe"1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4081⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6644f50,0x7fef6644f60,0x7fef6644f702⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1084 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1356 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1860 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3260 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1348 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3596 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3692 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3868 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3976 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3912 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3888 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4036 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4052 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3868 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4012 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3712 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3736 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3696 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3852 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=536 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4600 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\msiexec.exe"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\OpenJDK17U-jdk_x64_windows_hotspot_17.0.5_8.msi"2⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1064,3295851295043608632,2213574136535494753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding CE1763C12924A7DF818A5EDC8115AAF42⤵
- Loads dropped DLL
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003BC" "000000000000049C"1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6644f50,0x7fef6644f60,0x7fef6644f702⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1136 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1292 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1812 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3348 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3564 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3668 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3676 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3868 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3932 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3328 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5524 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5620 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5688 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1128,18343528727622503315,16211751328658881736,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 /prefetch:82⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
61KB
MD5fc4666cbca561e864e7fdf883a9e6661
SHA12f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA25610f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
Filesize
304B
MD5a641f5c48784f9e4c7705445fdd84ff0
SHA1c2b961b65e9b47d81f4fa8ce34a83c83ec37d3a2
SHA25652d8437c018e3b51a20f14a2d4793113af2bb5b21d7e7a4ffd15c7a06c726887
SHA5128fec9debf589b75b33ed35bd16ff400049b7ff705004ab4e4dc94104b14325a961f19f1f52ff0a63645972b17df3197620788151c33aa4b1f2b7f7431a049ad7
-
Filesize
304B
MD5d870c3b929f26478a684253554f82f34
SHA199d32b1b302c12603a59c1b26bf8321e4a28260e
SHA256d3ecd3a16a8110d8746f1347827120719b098cfa401a6c261cff7d8bceb30899
SHA5125da77e44ff786601dc43e7c44513675489d82cd10eff81e6d32737884a5cfe46422ed7c0a650d8bc058b88ac2989a7a0cd204e16b766ecae8f013c191e86ab84
-
Filesize
40B
MD5ca0c469b8152e7e371cf08d73b026433
SHA107a87b72da129c4af371a735398bd1aefdb0e74a
SHA25649bf5be3f0eae3a1851a7ac6e98c2aacfd41d04b0bee3f34ea75d3fe76ac4996
SHA5122a051c82401a439602f6400b7af49353c869f464815dbefe068c3ad6249f7875e42d4c486dfdc22e60d54f711afc339491bb74922bba551df98e9ec0780dbafa
-
Filesize
44KB
MD580c3e82a458325c1b128c1258ef42f2b
SHA12424daddaf09530e8bc0085491c25dd8fafa2daa
SHA25643f5fcf8741f4585711e867cf75aebf34572abce026c7c6662d1ebe07ce99a7c
SHA512f2db4502fd8b24e897132aeb61a9ca43888a9a1a9a5277fc15f01e8db5a040aa5c7880843c4f5f738fe4d6a9830f27cd5c91b74697348574b08fbe7c9dd8bc83
-
Filesize
28KB
MD5ac8eb93bac930e7ef188c1395ad74496
SHA198902d450b64922243161ab63b6d5f43eaa82a6a
SHA256dc09c5d9b5d1c4b319dc15bfe3f5f3348fb0f34fe3a29507bd3727feff19ff62
SHA51250f53c07b5dd4223736f9dc9eae8f895b877c05e6df32b1d67afe3a0c37a3b112b45abce25c0642091b1e7f7c7ca69e0b18c6c85803c7343503acaaea0edf5e2
-
Filesize
116KB
MD52517cb705a00d4291cb5e72af8cddbd8
SHA1f8bffcacb6519372c5c964b608a7da486f8bc093
SHA25676fd2abe32add96a7a28b8f4507805c5df1c848fb8f7feb4de62bc6c2f281a09
SHA512f9943a324bfd885b739a6ce447080f74d81fd03123b73b5b38ca1551d1552a308ecff1e266dc1c594bb09b4feb8138b44f82556b0b85f9382fc81e04ebe88892
-
Filesize
25KB
MD5fb483dd5c0f0265e3be05bc3ade1cfd9
SHA14bd74192caf530b7f2dda37ae87ef3e3cd05ed97
SHA2562f97f33d6dbb6415b080f3e846b465a558538e4df3caca7b20281daeb7f6cc27
SHA5120f1c2eed99d18a5926d5a8f79c1ecb1c4ca78bb63d281dd75a7c65404e3cfe3ddef7eb7c41c2e8a2bc956198437371dc158b7704a0e45411d3a81c2c27955af4
-
Filesize
329B
MD55810264e795f7e59905902f5c214d4a6
SHA1a1ed1052fd7967a3059813df78d2c0adad16f2e8
SHA2563d8bcacb56aaa65fcd6e0ca851a9189ae947f8e6bed0dc6a8e32bd530d963003
SHA5126bb2c792bfc1d1464cea5526cbd14fe67d7dfab7d726eaf6ad583b04241ff82f54d948da3873c3df3c742331a8e9c0f877e60fa8f1731992359251661611833b
-
Filesize
3KB
MD57511be086181bac130a4e036e9288639
SHA188097eae8e96aa39abb497c8dc2fa22373dabf33
SHA256c4a115004601134613a1d905d04b6f19af7898962466234853ef4dddfaaeea63
SHA512a3e422bfd67487aba6b448fb9f8b2128cb6c289b80543cf1ad5192c29d4eadf0272cf3e5ba3b2b9bbd78c545149a9d5fa2f05ca6a0a5e4deb96f3cc2fc09bf6c
-
Filesize
5KB
MD5617e44261be46bfc27ff46f56dfa102a
SHA1e449c925665f082ffe5d502565240adcb5648293
SHA25649efeaff0ae97f235a73c21112dd50c3e86788a7656a2e92c2bf206aa71c4f96
SHA5126810d7c51650111156dfcfe5c7d93599be6ac03198d371eeff0e0d3d86ac2904bc1dab6016f457953ef7520c1e6fc0beea95ae1a06e4c272c0932a9e9f3ecdb1
-
Filesize
15KB
MD53d319287c240398d0e582b6c1d3b6c62
SHA13f11ac874c3e02480471971e76a5f8666c60c967
SHA25612010c0b64bf97941ade8118860084943adbb9e4a97059ca70cfaae3b57bdcd4
SHA512b85c7df826de44a27b33b42ef1ab411fd34dcfd30bcd89ebdd4f573c2c163ac101dd1d467c54e69515d7dadad12afe1830e6e38411f3950e5d0283b0b08a4ef3
-
Filesize
8KB
MD58b0a8f66e1780a9c326fc5dbf544391a
SHA162e800c49b903fd37f4365c296e8700a3554e364
SHA2564edeed7a32326fc987723f3932ac85d1da3f478944a622289bc7f6d2bdd9dca4
SHA5122d13255139b17bae086cf333f220fcf3c2a675cf2e19c8c342b8520a023b41cd6c14626ae755edbdf4e2fdd947a934059ae34141df7b45ad7061322b41f94eaf
-
Filesize
112B
MD58779105e4eebf8a427db0d533e43870a
SHA1bcae95651745fe435543a4dc5137c0e8a635d5ac
SHA2567065d458824f6e763723e091c22a1fe15c26936f8f4849396d5bb5bea9aa4ddf
SHA51237081620a7abe4c8e2d8bd62165635bcc452dee34f94d670cc505d9d8172453eb4b7cf3f7f7e1a64a2d629b8ae19ccf4452bafffc77e9ccf6263a546ccd03143
-
Filesize
345B
MD59534c313116023cddd32e709c8243299
SHA1f5f038f1a6206da38a680aab38108c15a6781185
SHA256c4f89cbe5c0fb3fbf81c1eb728a6205065aae9651ef430bb102299651eec4f15
SHA512827a50c741936894e2b48c0272eeaefeed9da7658997cf62bc91463c8033069678bdaec46518e80d45f795937f1040e3b83cf34c5dc7611660b530d2986b47c1
-
Filesize
160B
MD5de92ad90be6d3364745b2f73f4c3cf73
SHA19158681463bd30e5af4dda4baac81f93cedbda77
SHA2560025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0
SHA5129e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79
-
Filesize
321B
MD53d7969d36ba1a279565dee1fc9077d67
SHA16672bd58eae4d8d971ebbb4443f1540afa9690ad
SHA256fce82549f5036f05d8d0e7201d8a3293431afc7a106e5ef082896c6bdd65776e
SHA51219c87f01d0e4338b5bd763396659bfc2a7da7d1af0e117f23b62402ccb7719c81dc32f82598a4f2bf875e20aa238d484d9d4a6c940615fed7d7436bd5486834b
-
Filesize
1KB
MD574d169c8c90c1b48f81d151aea9f036b
SHA18badba0cf12b80b31712707dbc4576fc531bc749
SHA25682e2169d0aafadad90f17e3802a89ca066d545eee63ffa76fbae4d5db69191c8
SHA512a1afef02ee6311d49ef958e24266b86825a6165199c80dca1e97d69342269444bfdecdf7d5e37089949ae62c06a6e458fff7ad17ba5f0ad8a695a530ded7bb8e
-
Filesize
128KB
MD56fbb1d77e6707ee9635e016cc23d0abf
SHA16bcfa4e8a4d0943f9e244a723b75a301eda85d36
SHA256f6ae0a3ad9d4677fc8341177de6414067e1342d08d21e4dbf3cc01cdcf883f13
SHA5128db9e26ab63c84a2f1c148af16c996b7f60d0a3ae58e02c95d645cf3a8b72c22b68eb621080454d7bc0df2a2eea72e061d70491f5606161a15744d212ac6256e
-
Filesize
88KB
MD5bc4132e7a60a2b7e833a6c34877be1dd
SHA1b2227b8e109513b4951dce03252a18c4e008a190
SHA2563000393f7edcf8b987bac95620cd31c2ed7f28216099a96ac8195fb9a50e330f
SHA512c44ba3d64bfca2e68aa4da96ad7f6d0911fd5feb768f188fc7331fd14871b5b272f4ea6f85652a5bd80b839be2ebd9f0e44529c5ef956ec647dbd44bea59847a
-
Filesize
13B
MD5b63048c4e7e52c52053d25da30d9c5ab
SHA1679a44d402f5ec24605719e06459f5a707989187
SHA256389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1
SHA512e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359
-
Filesize
106KB
MD505cc0897632e7eba017115e65674c143
SHA1b19759ebf889ed7e115cbb9248259418a0a25b6b
SHA25647c0a4c3eb47e62f1f2aec8366b01eb0b787b9c55922ac4270857c214eeddddc
SHA512f8343a99a4ed94f2fe22bf8af182196a6d1c5100c363e602a2a7a95d3393979ad5967496aff337801433051f7dba0defc1e6c46b1e0d85031553bc6feff85e3c
-
Filesize
264KB
MD513f877a0b0993ff018308dab9ccf5d68
SHA17f9c7cd16d14b0ebafa7a135f80651e24e741bbc
SHA25644a6e9e2067166da2d06f9a565e26d1ac0964fa5b8604a58a2055d28d82a649d
SHA5126d3e4646343d64d822337f8b4e16c2fc2e5061ae1675169f1cece569255ead2b88fc0c1568d72c7ed0012e0af2b0d8ac9d7f26da10dbdc70aeebe2ae1a4107f2
-
Filesize
160.2MB
MD5134f7ff76b5573eea19d38dbd24f1710
SHA1fc761b265e064cf54af2447ead40f619213d717e
SHA25633a2d3d25d83cc6c7e5e7267bfa4c262319555f402d771ce1e05abbf52183391
SHA512cd5a28f18bec9176b22b89ad6384f16af7b7b48bb41f3684be27250edf9811df7d6b06e8d49aa0eef33c9393d1dc216eac68c2b334a1e9af2393d06b7ba31e4e
-
Filesize
215KB
MD55a36af31695af76ce3aa1507611fe5bd
SHA1255787a75d37258a02e6f0d19a83d96b46654d80
SHA25617a7553b6fdef993bb221fd870f2b30e3783ae9d6e9b9b01af718b61e680a118
SHA512b3611dba29d3f32d3fdbc5ec0a6fdacdee7e41406f0089f65c64e68219114d364e7f44616f06ce9c5f0ba3280edd35115d9e93924a46ae91e1dce5ab6efd567d
-
Filesize
215KB
MD55a36af31695af76ce3aa1507611fe5bd
SHA1255787a75d37258a02e6f0d19a83d96b46654d80
SHA25617a7553b6fdef993bb221fd870f2b30e3783ae9d6e9b9b01af718b61e680a118
SHA512b3611dba29d3f32d3fdbc5ec0a6fdacdee7e41406f0089f65c64e68219114d364e7f44616f06ce9c5f0ba3280edd35115d9e93924a46ae91e1dce5ab6efd567d
-
Filesize
8KB
-
Filesize
8KB