107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b

Resubmissions

02/05/2023, 18:56

230502-xle18sdh8w 7

02/05/2023, 18:52

230502-xjbwssdh7z 7

Analysis

max time kernel
108s
max time network
109s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/05/2023, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher 3.0.0.exe
Size

1.2MB
MD5

32c7e3347f8e532e675d154eb07f4ccf
SHA1

5ca004745e2cdab497a7d6ef29c7efb25dc4046d
SHA256

107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b
SHA512

c82f3a01719f30cbb876a1395fda713ddba07b570bc188515b1b705e54e15a7cca5f71f741d51763f63aa5f40e00df06f63b341ed4db6b1be87b3ee59460dbe2
SSDEEP

24576:Dh199z42ojP6a7HJlF9eu5XFQZSIZeNGdmEE8H17UBcegl:R9zbgH3euNFQZr/oEE892cfl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{600FF731-E92B-11ED-AAFE-C6F40EA7D53E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401b453d387dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000002000000030000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c8a3886e844ee04ca528537b5bc45899000000000200000000001066000000010000200000004171b79859c51db95fb7bf570aefb3287f1e1b17eeae679fd45b016261ede377000000000e8000000002000020000000063d0106e815d38c5fcf9cb1d60bda83a5f1b4509f86e82019cd3b224f08b01a200000000caa804dc8fb3ced3a3acfc66b1b83167d3c24129a1be38b110620d9f5388d73400000005e10b7996eb26cd4afe4733d26e3285aeb9878ba39f25ed80dc2b7bb10783cfffed39c6f24c8424980e1b0dba9451a595ac6dc8959636750040efc07f5ec83cd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c8a3886e844ee04ca528537b5bc458990000000002000000000010660000000100002000000012ebb686f4d04eeb64454a2ec1affd294ead7da3a308d8d786bf4f8c7b31c6d0000000000e800000000200002000000001b4cfbb212ef5ac95c14df0b7868637d1af202494998438a1d65326070dda4a90000000873df41502f02417b6b43ee5f92cb5407bf61e631d45c924d1fb025d7d20bcc6739ae523a00531ecd7ffbe1deed1825e83ba15bfb02d2958555799e4ec5ef9486fa4a4868a08aab4d13e0a1e4f71a785f1d39b70ccd31b8af80c7a2ff163acdb8bc22e0ea4e104bb48673c08cc482c8d24380cb16fe035b4fd8228207ee31a2899e26e4a9a2a19a312962e4746a51a2c400000009000cf5468702acbb6dd36214d7bcd1c64008bcb1f9a4443cb9a4bd90c30805d3dd243f40440950be69214546e5842c97fc56d6a1d7de4ba44f8ddf6a268cd3e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
888	chrome.exe
888	chrome.exe

Suspicious use of AdjustPrivilegeToken 45 IoCs

description	pid	Process
Token: SeDebugPrivilege	532	taskmgr.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1944	iexplore.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
532	taskmgr.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1944	iexplore.exe
1944	iexplore.exe
684	IEXPLORE.EXE
684	IEXPLORE.EXE
684	IEXPLORE.EXE
684	IEXPLORE.EXE
684	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1944	1996	SKlauncher 3.0.0.exe	28
PID 1996 wrote to memory of 1944	1996	SKlauncher 3.0.0.exe	28
PID 1996 wrote to memory of 1944	1996	SKlauncher 3.0.0.exe	28
PID 1996 wrote to memory of 1944	1996	SKlauncher 3.0.0.exe	28
PID 1944 wrote to memory of 684	1944	iexplore.exe	30
PID 1944 wrote to memory of 684	1944	iexplore.exe	30
PID 1944 wrote to memory of 684	1944	iexplore.exe	30
PID 1944 wrote to memory of 684	1944	iexplore.exe	30
PID 1944 wrote to memory of 684	1944	iexplore.exe	30
PID 1944 wrote to memory of 684	1944	iexplore.exe	30
PID 1944 wrote to memory of 684	1944	iexplore.exe	30
PID 888 wrote to memory of 1600	888	chrome.exe	34
PID 888 wrote to memory of 1600	888	chrome.exe	34
PID 888 wrote to memory of 1600	888	chrome.exe	34
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 1592	888	chrome.exe	36
PID 888 wrote to memory of 656	888	chrome.exe	37
PID 888 wrote to memory of 656	888	chrome.exe	37
PID 888 wrote to memory of 656	888	chrome.exe	37
PID 888 wrote to memory of 1848	888	chrome.exe	38
PID 888 wrote to memory of 1848	888	chrome.exe	38
PID 888 wrote to memory of 1848	888	chrome.exe	38
PID 888 wrote to memory of 1848	888	chrome.exe	38
PID 888 wrote to memory of 1848	888	chrome.exe	38
PID 888 wrote to memory of 1848	888	chrome.exe	38
PID 888 wrote to memory of 1848	888	chrome.exe	38
PID 888 wrote to memory of 1848	888	chrome.exe	38

C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.0.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:684

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6519758,0x7fef6519768,0x7fef6519778
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1192,i,208083669962821224,13331282112930006099,131072 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1192,i,208083669962821224,13331282112930006099,131072 /prefetch:8
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1192,i,208083669962821224,13331282112930006099,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2180 --field-trial-handle=1192,i,208083669962821224,13331282112930006099,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1192,i,208083669962821224,13331282112930006099,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1160 --field-trial-handle=1192,i,208083669962821224,13331282112930006099,131072 /prefetch:2
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1372 --field-trial-handle=1192,i,208083669962821224,13331282112930006099,131072 /prefetch:1
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3904 --field-trial-handle=1192,i,208083669962821224,13331282112930006099,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4016 --field-trial-handle=1192,i,208083669962821224,13331282112930006099,131072 /prefetch:8
  2⤵
  PID:2108

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1364

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
826fd61900b81693965e104fdb1950b0

SHA1
abd17d1972f0e60f2a25a6be8eec78c9e2af65ce

SHA256
eb852708c7ac4c8930938d4a6ade9553d4d3adb73c9c51d04cc8385841fd5dac

SHA512
e8b3d60bd29def232dee5562656fe99797b9d05a9a55a7e69fc7729075694486a92d8405074c0c912db1a9a646759c3fa2e76415017e948ec09471f2a6e40195

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
1cf6bc41741ed16d5ef593a0a4443c4a

SHA1
a72fb3aded9c7c8b35bb7855a624a7067ea3c8d9

SHA256
5b87925d40ec3b8819a636ef2a145e8a46a5d350501005a92b98e52220e96dd8

SHA512
831efba2f9d1dbe4e7c34e241e081cd1ea5d24c6980e9f95a43d097dc03bc6df907d2abd927b8522ac693c722eb721780336c11a9004c28dbe7acb34ce51c37b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32e55eedb1650d8aa0161b29f02cfa84

SHA1
b7711259ce029affef82eb77c5498c6e4704838b

SHA256
49d8a786a0bc08626447b5e28c0f48b0120254930e389125a50249dd5bfa3c5d

SHA512
b05cf2438a67b65e3ba01ce4179990cda803d7afe93cc340da772ad0eef6073fd315c745dc529b2bdfc790a9231dc0dd15b8560c1d946a302aa609f085296565

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
351252b02f6dd574cdc7891ed788781f

SHA1
63a163f6af6c4ab3b517926c90842eb6844969b7

SHA256
ae3d4fec5737ef0a986c4c20b5a89e5b8a83224bb619fce1bd0a9c053e598281

SHA512
07163d509e922b147bb7b6be6bf42ede0bbc24ec9d404aef88865ce77d3b38c55c23dfb982a3c5d51f3181e22f9fd0fe423e770bdf5eda55b7f8800b75fcb279

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7875fe1011c6988d154495e12bddd7d

SHA1
0bd6a043cad8e888be8eb1e19d7817000ee23e58

SHA256
911ac3e39018de3a4cd60e631fa00e81eed6a821bb22b0e7da75fad166c2efbc

SHA512
a4fd67a124f6763c1a92791957d5853d2b4172819df2ac1127f26acb96dee77d2a95c38de183245b51eab9ba78d35dfeb8a8ee533f8b55bb46243f2ea4b8b0ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ad9d136af6c59a13279161e42f2dca1

SHA1
0d7a19f0b7e98bebedb384821c7c46033b678097

SHA256
480444be4ec4bb22b032da00a929cfbaa3933826dd3f36e69ace5c957d420f16

SHA512
82af12d88a5e5cfc4271daa7a98d30aaa158f6ff97fde0dbd0d4f843bef3b83792373035fdcfa6e61a704f4c4f42b1b9e449a655532336e6cac2ebbf60db8319

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81a37a88de2b45e0d35029ee4ac5cfe6

SHA1
aec76a1dace75569dc77f81cd7a94731d68631db

SHA256
9416e20c91e65c2a0209268d7ae47468fd78d5fd50b80abbf55f973ca9686c31

SHA512
a937a8e9dfe10883f4354c281c91e207c0c567576ce341d3a8f1687dcc839995b64d9977e8ff24ab6fdd6fdc12e5e4dbe4be72c27f0dbc3e0f09a4a9d156aa02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1437e72d44fe400e8d25c77baccdc7d6

SHA1
1daa0cf7873605f7a1c54ad0cad99b940ce80871

SHA256
de2bdfc1179873aff6416421c5ecf56e7732d066139c7269804556c2b3b90765

SHA512
6f6df3fb80d031f363820925797439eefd5decc62d744e6f7eaff7aba26f3a4b53b9e2b99b82a7ff5c5cf284421cc797480694fd351b4a08d28df3247147e285

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b14afacdfe3a1b0e4e271d9699a10257

SHA1
8dcfbaee30a42b54d777c1dc44bfef2305c229ba

SHA256
4a7fc1ee00497df9eb7e3e7e1e425107111605b112776a074f89eb92dd50dc24

SHA512
9cb130defcd553068195515f329316202b1c16b24b54a9c7c58812a99bef5ff512fde709e79b1ffbeb01861d6934f7b76794d3cb159f7ce3eaa6e39b1231367f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6b7e36123fe9708bab4d9f138df8da3

SHA1
3801829ac97300fded3c7fe99bab0af71b86f52a

SHA256
6a9e60ca3d1534caf0eb6aec764bdbc1ff981d296a78c5c53218877cfe82b7e5

SHA512
09e7064275385f40d8ebd6f3aa73e66052aef322b21140bee04af58718aaa2294cbd40370cf87db5a824afca8e686f41d0130ae079d4c9d998fa44ce4ad908e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecfb6e23053fd8f13ad107d79a54a2e3

SHA1
4ec878bb353cc22c2d090c555a8939ccfb8c6981

SHA256
97d8a318da9231ed0f2a954996460abb4c4b35cda129433cf722182a94a8b15c

SHA512
cdf5e1aaf7b2e0b195f73a476b8be5d216cb522491b2b324333055da2a0aac443df579bfbecb98a478e01ab9e386201ab1e3fd5b065ba1624c199fdaa7d5b5d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49ed7ffc39f6fd5085900a426dc3da09

SHA1
19ef8fa33488388339f6e70d3a6fb2dfe2c58b59

SHA256
ccef684aa775b13e991fac46a5d764f8e946041f2fdeb097edb37c96cccca4fb

SHA512
b0a2bab39abee75e808599ca3dfe07b4a6d4f61e0e3792c4d5a7f18a3ae1c7fc97b0262f2550a01b78bcdbe8030670614d13eba2fca609a1e600bee20d388d2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efcb680c5d92feee1483fa48b8c7f98d

SHA1
9b4a6e5270b8dd45a963ba62af30199f161404fe

SHA256
65098f8482aa78d8d76998b7bb7408ac5a6888458f80977fd7689337ad09a530

SHA512
a3f7a8b3035e990061433c925df97c416c4018ae48822e716ef56532da776376b1f2bd21d79da56284066749d99bc52e80f401615bb16bbd76848ee7b18bc7c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
150aaab77936c6d54d5a8c296b6358ce

SHA1
af5006a18dab02f4b8ad12a30cf3dcd19ac00451

SHA256
19e0e6ebcbf8b041cc8474850177166893d580969f2013e154f561000ca117c3

SHA512
346e47fbb7f95f65983e317f417173bc8068e0047af45704c7070ae39ae5c2c983498d39ab4718f12737b594965d3bc4bc05ebf311e38443e6408d7e962d4ca5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f29cd9004705083af993e932496d5da

SHA1
217061907c28f93de637972b0673250990853038

SHA256
b7316377d2a2fe99888fea762baeb8387db5b24bebb848d118c8cb5b9f0bbd03

SHA512
8122bbf85f6a1c5e9b1c40ec1d6f93d33665e798627a099f09ab987796064a2bdf30988cbe769e7e27015eb3dcb0a7fc904e38c42d4fa501fdc50054157d77e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e4cddcf8b6117dd28e952307ec2619c

SHA1
41406ab4e97679e38af883bd7ccdade2096a14bb

SHA256
b5ccd1d41db0a2834f611734bed07012403b26c19561ec71eb95e5dedba5ad06

SHA512
166548796089a70915c6066101f727d3a760183145b8d96a4dc574536afb2879318c50849a5968649acc2743a57afea0dfce274d334c8b59c1ba606b762d9ea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22ff66277b312fc520458055a525818c

SHA1
8944fc6194722fab4d2a531c117ab5b13dda5886

SHA256
5d4d98555e9d6f4e494e2ac64543a14c024e23484535241568fa7975edc5df1a

SHA512
328c69717ad6d5d044aaf6e239bebffb70ec23375bfdf3f7ed42615860c8cb725dd113bafd9c81219ef3eea34d736bbbdd6e545d8290ac07c196edfe2c91a1b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
bdc50a943ac039d74525152a1d5d93b5

SHA1
91abf38c9ed8ea2b34522c74ff9ce6d17529465a

SHA256
ade1b9a9a16248d270356f0bc98957f30e92ee8814d19c63d13d3cea7606030e

SHA512
d9889afd45e407fc2c1c1196d2d376691cf7e29191d155683f357bd641e4c201d05e7a56ab9c81d3bf888c15663b8a7d51dc3cbc1500961fbf599e14042850f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jo5ozfo\imagestore.dat

Filesize
7KB

MD5
878a2de45ce63244009316cdc9b15ee8

SHA1
5a9587ec76981eb4358b2c9be48c0044496e1dc1

SHA256
cc1a3d5f12cbac922edb83f1b67c5786dbbbbef110c9a0d28555380ebeabe17e

SHA512
f89a2c44aab668c18a1b2b9b8333cd78f1e06920ff7087fdb2fc5789d7714f04b8e6337d5b2a4c1e4a83d198b891618eaab61da1bf1c2e1878039c74881efbdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKXYVKI3\favicon-32x32[1].png

Filesize
2KB

MD5
dfb98b35bec083cddf7e575ccbc12efc

SHA1
f77c5e6f37aec582c5977a76691f992e3ebc3a05

SHA256
f053cec8f37df661ce13646ff5ecad7050bd50c4afb4f7ad12cd252577207e66

SHA512
17d2d675bc677f126fabab826b4fc79a05eece52cf586a97b7d8093dc402d0160f273fbf9d38978f01befc9f85a979208c2355cc0a4c129a2232ffa4554961ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab32E4.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar35E9.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF55409A93F1942D5A.TMP

Filesize
16KB

MD5
474a36ce0f5305db694f340c1dbeec8f

SHA1
0bc9489c9e8815fa4ae1e1b840f21079e3c64352

SHA256
621cd0827023cb7383221e05ddb7978ddca66eefd047d8f897ddcf48b227451a

SHA512
9d0c11da0a31a4051c3e76e1dca7ed88b661bc0b7bd8c210c754b66c25f0e2adabe3bcefea2c44cda0895bd1cce45c2f71c320ae525757b36b59a658339d21dd

Download Submit
memory/532-744-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/532-738-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/532-737-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1996-54-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download