00bf698ad4ec1acabb7152657b7a35281d38c4a7ccb4c3724076ae451c75ef28

Analysis

max time kernel
1551s
max time network
1587s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2023, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Schermafbeelding_20221207_134613.png
Size

154KB
MD5

2edd98156eb904be2a458593897fc53b
SHA1

efcd98c578482a7a6eb80aa0621984ec90c6f027
SHA256

00bf698ad4ec1acabb7152657b7a35281d38c4a7ccb4c3724076ae451c75ef28
SHA512

4e688f63c95e1fd6c13defd5f3702fa7d244f4c101d30e2a43d3f1a343d0f9bd7ae8ca2582ac8e512c35a77f2e2acade0aca04a6c04f151a3204998f5c71039f
SSDEEP

3072:6NX650LEpNa4bX4uIoFtJa8KKouYw1jSaONK4/50hXJipqXhe2bgIyViKN139Ogo:6gY8Na4bX1InwZSaONn50hXY0XhXb14M

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
668	SKlauncher 3.0.0.exe

Loads dropped DLL 1 IoCs

pid	Process
4744	javaw.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133259295753039906"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4744	javaw.exe
4744	javaw.exe
4744	javaw.exe
4744	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 4420	1840	chrome.exe	94
PID 1840 wrote to memory of 4420	1840	chrome.exe	94
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 2024	1840	chrome.exe	95
PID 1840 wrote to memory of 456	1840	chrome.exe	96
PID 1840 wrote to memory of 456	1840	chrome.exe	96
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97
PID 1840 wrote to memory of 4116	1840	chrome.exe	97

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Schermafbeelding_20221207_134613.png
1⤵
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd03919758,0x7ffd03919768,0x7ffd03919778
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3332 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4744 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3464 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4724 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4548 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5300 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5280 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5528 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5268 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5708 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6016 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4896 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5496 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5492 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6224 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6124 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=1784,i,14497756591089593387,4854464057090814989,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Users\Admin\Downloads\SKlauncher 3.0.0.exe
  "C:\Users\Admin\Downloads\SKlauncher 3.0.0.exe"
  2⤵
  - Executes dropped EXE
  PID:668
- - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Xms32m -Xmx256m -jar "C:\Users\Admin\Downloads\SKlauncher 3.0.0.exe"
    3⤵
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:4744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4440

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x448 0x380
1⤵
PID:516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fdbc0a5ab7c1f6ca3f2ae3fbc96215f4

SHA1
2b1d41e94a6c4bbdab9aa051d68ecd3d5666675e

SHA256
e7794bafe2f39014e1acb4e6524e94ebc92748e04cce69c9ca82ead1aad941cc

SHA512
d2f8c53e45d37e656025b8ced6d7cd590099fc612355d34411302a24b537a682775c41cd38060a7e0d2652b54fcf8f201c147b0729ddfd19d3a65c123d7c81f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f4ec8a2b8af1be21839a761de782c886

SHA1
c4dfb0a28ed00663d54f8cc4369d2aea4885d4a8

SHA256
d88c74f2c6d50da6c47bd6e07dbfcffbfa2edea6cf821c7c7f3108b022d18508

SHA512
fe0effc16be8b65f6117dddab9108b868e43a5ba39ee8f71691b56b9f068ac2ed57b667ef0ebdcdb7cb4ac725c2fb4cd8ff2b3673b5dea652d5ef2107a7a0c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
19fcc40baaf5f7f880d4984b3af15d29

SHA1
7a1ce42cad037afaa45b64a1ac3fc7a7a0c38334

SHA256
51f1075c7888aaa618bc18744e1734c303eb732c9ad93993b5439bba2eb71ebd

SHA512
d1535dc1afb07e6d29cb2ffcd897d3ac0e21e6db5d419c5c36d883299f954c6c4f25e5580e5db9aa1d637da890c14b3a7b4504181995f363c24ffc88bcc50a82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
c58c206ea51cfdf77c7095e98f053528

SHA1
12015fec7c315333429aac57558e1e81f8b1eeba

SHA256
1e1d85c4175117708f9079a7ca19661b80831bff5062ff0cbbcb044d1524682c

SHA512
29fabb6a2cea72bb93263d7fefd5d454e03fc9b0c4cc7326a9f9c1619e3711644da737c922f6eea145edb7f74fc61ce55e5957bf65a4c7ef57f37963e6b46969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c389a088d3e2957fa8f31329a39c5db

SHA1
724898f9c2d176b6c3b528296f1ca5fca5bafc3c

SHA256
38f47aa3d3c8c56ae6bca9abdd99977519501281936f60e8f4ee27d8187065ce

SHA512
77bd8ea77ea4f38a98f6659faba30ef91a39f1b2c0c556ef7f6346055fe6ab33e717bed30ea09cda026c56b537df705ca35ce4ad1ad2263d8a5c1c77a79d5155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
99690abdd4159cbd1551d4ac8dd31862

SHA1
2f93b7718db749ac591c8d6a6f079f9cd5691d1e

SHA256
f8578440359196ffb3aa5403451819debf075d018be47ecbd62c82c8e44c0faf

SHA512
b6fd5629b8ff1ea12b81e9121094e345b6b937ec335f2994ef0c005da0a1bcc155d81bb5365da07982553071978f6fe3af458f2ae7a313be5752dd1dad66f483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f94ad31de81bf3e99703d7b2d5113ef0

SHA1
f263cd1c3ef23a6abc3f3e8ab97cc8a6367ae8a6

SHA256
6da125370ab51cfecade53a15515fecf8d54f199e43856d6c8800b1af533237c

SHA512
9ec37e012365fb3a5b7060b7c2dd4edab937fa2d5e9c510253647578e7fb77129c07989878fda382ac7b6c6b24f701d9ab0d1db0efa2ee760d20f02cd43ab152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9ab033fcc24aed3ed26b9e2db3b87965

SHA1
41ce691a4cda59b99079e6154a9a7f008096f9bd

SHA256
5f4744f2cfe5defef2fd3412c0410a8bd811216b963a62324a4e0501f2f12231

SHA512
6d619ff1b5228181ce9a2458cbd86f6610f70f8a60641a80f3da6f391cca2f11b5bdaae956a4aac90bfbec9f1ba0f714a7a571d5828b25493a391d5f85ce1c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
36b75bd4fa40053f8fa51b9c8da3723e

SHA1
37310f6384301fe28f8d78f7bd8f5e11989f45fa

SHA256
253cfbf75227047870855690d19d2174cf7698e0e98ac443d1946f4d2832c856

SHA512
69ba95f05d7afe1dad7e98d8efa4007de635b277c4a1bd968bb0347dbef0517720f411923a7b869a8b88e6befc810b1e17effb81ce1b1e8deeb4ef7b87f6cb8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
f7bdf2c9119e696f7c52af37945c45fb

SHA1
52e7f95ce3dd281e46aae028a1cc08ebbd0b701d

SHA256
35a8f3659998f0dd6183ce7c3b57c6f219289e985183f0110b18dea754943560

SHA512
b14cdda195364a1a87f1961ea29d2ee970f5934295a439bc7a5d334f19b9340d92ea95a4c878b70c9f5e7c340ac16d398117dfac13974d24b55d9cf4153ae7d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
e282328f49b237c4a6918effbc4ad1e0

SHA1
87d2d4aff473f9a0a7084eea0ff797d6b2f56d1c

SHA256
4d848a6307848fcee7417b1c1d2c6db7a3d035583a88a27716850baa7ae91571

SHA512
6266e3a409b51b946dd817d56c8c4de041d539ca7fabd6ddbaa558f1dbd35d7ebb3db57043ec564b7de3f32d3d5a39d916089f9199619f16906fe5e6999c22b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
8e1fe6c28a268deb34d0faa58b66679e

SHA1
0f82bb3a8c3288d3e0adcf2de85c0c096ff4c59d

SHA256
726e62d399c59dd620fcd91b70279fb7ed8eae4ccd9bd3906cbd5829bd3356ea

SHA512
91c4883b7ba97095462c6fa35e51bec430e9907665734e2649162ecd8f28821bfacbcb8c3ef1ffb2744c6c9c0620a119f0af7d09a64833ca06bc0b33f82e9e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
53e7658c8338197192dec2a27fa5476d

SHA1
adaf61c8ef3a63365a5602c5a9988c87cbdda8d3

SHA256
8727dc6b06b19b10646f05027454ad623e3e8704af24dd6457d11588554344dc

SHA512
ec8cebdd1c1e3b488bb6efc12426437c3475e05d7e9fd74b7a5698c7ccbbeedfa9289c6c36c7ee5af726e1528304b17098d1af9d7f2cc670ff5c90f079771d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57739a.TMP

Filesize
103KB

MD5
cf589028e7df8b66d08a5e608ca24d4f

SHA1
8622816dd1dd30a00bb70cc364bd8210e3f19b45

SHA256
5cbcbbb3be8635edba2533a55f8ab92b8b3151e94b505492c3063c4daa1e028b

SHA512
ed96262db0a2408c8b813e815c41737312fc777b8db972f2fd42a29eb1ed8e746e244dd1d7fd47dcd7338f5bafd8ef979970de9c4902a63a91daa76c66cc0d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4692482906000.dll

Filesize
9KB

MD5
697d496ac9f5aaab8ae025322358c61e

SHA1
2043eac8cdcc2e24b854af1eacd77a5f2a395a27

SHA256
a7273a4cf48ab3413f2c186cc95a3367a73ce99f8d45329383219d4cc27003aa

SHA512
b6702cd49a3af9f97f697565136f140692af9f8b271e672f2e91c920a23212b778583786f2377078117113647926338614a92c4a2423318b7a21ba2fe3a89838

Download Submit
C:\Users\Admin\Downloads\SKlauncher 3.0.0.exe

Filesize
1.2MB

MD5
32c7e3347f8e532e675d154eb07f4ccf

SHA1
5ca004745e2cdab497a7d6ef29c7efb25dc4046d

SHA256
107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b

SHA512
c82f3a01719f30cbb876a1395fda713ddba07b570bc188515b1b705e54e15a7cca5f71f741d51763f63aa5f40e00df06f63b341ed4db6b1be87b3ee59460dbe2

Download Submit
C:\Users\Admin\Downloads\SKlauncher 3.0.0.exe

Filesize
1.2MB

MD5
32c7e3347f8e532e675d154eb07f4ccf

SHA1
5ca004745e2cdab497a7d6ef29c7efb25dc4046d

SHA256
107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b

SHA512
c82f3a01719f30cbb876a1395fda713ddba07b570bc188515b1b705e54e15a7cca5f71f741d51763f63aa5f40e00df06f63b341ed4db6b1be87b3ee59460dbe2

Download Submit
C:\Users\Admin\Downloads\SKlauncher 3.0.0.exe

Filesize
1.2MB

MD5
32c7e3347f8e532e675d154eb07f4ccf

SHA1
5ca004745e2cdab497a7d6ef29c7efb25dc4046d

SHA256
107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b

SHA512
c82f3a01719f30cbb876a1395fda713ddba07b570bc188515b1b705e54e15a7cca5f71f741d51763f63aa5f40e00df06f63b341ed4db6b1be87b3ee59460dbe2

Download Submit
memory/668-472-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4744-664-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-682-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-645-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-646-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-653-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-659-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-663-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-610-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-676-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-615-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-694-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-697-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-716-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-727-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-728-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-732-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-733-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4744-734-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download