c3db9475c3ab6b53d8f6d711f587e5218c9b8d332229a208277bc0b27a24b620

Analysis

max time kernel
1617s
max time network
1620s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
02/07/2023, 01:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher 3.1 (1).exe
Size

1.1MB
MD5

021b53abfc25a261077282498e5726a0
SHA1

ba7f38a28444504e6e8e1f995cc40ceb70ff6409
SHA256

c3db9475c3ab6b53d8f6d711f587e5218c9b8d332229a208277bc0b27a24b620
SHA512

484bb65ecb1ccd3e5472a27737fd2fa4471240aeefcf4bfdeaf4e49636cec9b3e43a5c2feb7134074c92af01f52a456b8074aca8269480e210cfa3b51acae81d
SSDEEP

24576:7h1tjL2uma7hLQKaikK21SHCJ3ny+SGiPsGSa7tLC+/e0cUEcnr:sghMKai1viny6iPH5hF/e0m2r

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000826db13b4f2d6946b52cb68ee9de0a2e0000000002000000000010660000000100002000000036414d966b65eceb99884c21367048069a3b6424dfdd81fe2783d0284036bff7000000000e800000000200002000000099b8f8324d09ceb48194a457882fdbf6d56879d0483ce95bc6e1e7a37e1b6bac20000000984f7a55e9ec63150b76a10ebe2e3a2716a9113a70d79dafc2cd777ea2381cbb40000000757ea8e774110ed61f920ac3270d82fdcb5d46d289d8432fe0f9393b56258782ef4e76dcd58275777845e35b088153a8b0abefb2acb500ce84d444f209b977b5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01EFDD51-1874-11EE-ACB1-DA01AA0573FA} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000826db13b4f2d6946b52cb68ee9de0a2e000000000200000000001066000000010000200000004888a54b09536eec32c4183e2e5fa8eaf9f125e58fb7da329f5a487e6ed3f311000000000e800000000200002000000089dc79edb7412f29cad81d22e75cb356498727041eab4ff97ca603e6c6bec7bd900000002c0fbb1fa58ae0d1f08f04daa16ca4656cdc1af5e37d4b0301a0b10c2754884ba7fd5e1f71b5b91d58ee38e46cea64952cf0fc123b2d6c05ef7047d5ae386e494f7b264ea09d05f4c857f7805bb47230587ddad76a89a26a315160bbed41399505e5975b344f80fd3db9dc051fc51aba92f9dc8e1e8c11c718a900b322c09a1f7171282a57df23f7506d15f13ffa6a4f4000000085cb6a176d56b392de610b6937aa8102ae69b26671cb45e3d84f6011462417f010f7dd5139bd46d63d9407035ff6b64ff05fcc2d8dfc23cbdf6e8ae052eae608	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395024677"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e03adcd280acd901	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1012	chrome.exe
1012	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1068	iexplore.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1068	iexplore.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1068	iexplore.exe
1068	iexplore.exe
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
1068	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 1068	1200	SKlauncher 3.1 (1).exe	30
PID 1200 wrote to memory of 1068	1200	SKlauncher 3.1 (1).exe	30
PID 1200 wrote to memory of 1068	1200	SKlauncher 3.1 (1).exe	30
PID 1200 wrote to memory of 1068	1200	SKlauncher 3.1 (1).exe	30
PID 1068 wrote to memory of 1472	1068	iexplore.exe	31
PID 1068 wrote to memory of 1472	1068	iexplore.exe	31
PID 1068 wrote to memory of 1472	1068	iexplore.exe	31
PID 1068 wrote to memory of 1472	1068	iexplore.exe	31
PID 1068 wrote to memory of 1472	1068	iexplore.exe	31
PID 1068 wrote to memory of 1472	1068	iexplore.exe	31
PID 1068 wrote to memory of 1472	1068	iexplore.exe	31
PID 1012 wrote to memory of 1584	1012	chrome.exe	33
PID 1012 wrote to memory of 1584	1012	chrome.exe	33
PID 1012 wrote to memory of 1584	1012	chrome.exe	33
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 1804	1012	chrome.exe	35
PID 1012 wrote to memory of 812	1012	chrome.exe	36
PID 1012 wrote to memory of 812	1012	chrome.exe	36
PID 1012 wrote to memory of 812	1012	chrome.exe	36
PID 1012 wrote to memory of 1972	1012	chrome.exe	37
PID 1012 wrote to memory of 1972	1012	chrome.exe	37
PID 1012 wrote to memory of 1972	1012	chrome.exe	37
PID 1012 wrote to memory of 1972	1012	chrome.exe	37
PID 1012 wrote to memory of 1972	1012	chrome.exe	37
PID 1012 wrote to memory of 1972	1012	chrome.exe	37
PID 1012 wrote to memory of 1972	1012	chrome.exe	37
PID 1012 wrote to memory of 1972	1012	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.1 (1).exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.1 (1).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1068
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1068 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1472

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\ConvertFromRepair.vbe"
1⤵
PID:1752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67a9758,0x7fef67a9768,0x7fef67a9778
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1328,i,6301358702201552532,12229517227978826156,131072 /prefetch:2
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1328,i,6301358702201552532,12229517227978826156,131072 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1328,i,6301358702201552532,12229517227978826156,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1328,i,6301358702201552532,12229517227978826156,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2204 --field-trial-handle=1328,i,6301358702201552532,12229517227978826156,131072 /prefetch:1
  2⤵
  PID:484

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1552

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f2f0d60ae759274a94f701e06e4f4fa

SHA1
f48ba1f9f5c339b3b9e58e58dd1815ddfbda4b7c

SHA256
45aab6b40b0c214964fdb0adbfea800d43a8653ee168107442157f788af6bf62

SHA512
151cb0fe6bde2709aa4defef72849d3eced96e52093f9f192fc4b128be08e64184d4a5f0a49cf0419bc5d1f5aa166303686a0bc9a39f947987915f058b39e420

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c862ea3612bcf411d52de35a138f5eb

SHA1
62ae8866d412b3f02138f30fd03968d2b6819eb3

SHA256
ac76df3272fe63f6d6f12960132097d78648595cb8514f70d27c6542eb23334b

SHA512
8b833d9c6dd9dc21a291d4c567c341c81c2827b24ac867a9898a34689f38e81af429a46ca993dc7678aae4b5a2411020460940bddeb2604889f5992430043ef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
258b53cfa5f3a5709336b8a0db167af2

SHA1
da47f7ec17ef99cdc3088c1bdd0f8c534004d89b

SHA256
019c424ffddffb673aaa0428756fd59ec97a2e4d9d5e83b54110213e76560666

SHA512
8cdc2e7feb113988e57cb5c852de9c4d14c4ecbf015414ea6f20819de34c4b13e09b8d113fdf6b0e49a282a70d753c41b3c0b2a2ce32d2d345ff5fcfc445778f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1b40788639d0b9f92247468abf55d0c

SHA1
4eadd6e1bced2ecaee3a5deae4bd6d9d0433ee84

SHA256
9879cb97650e9a8ab0939e5581c1f993bb0fbf2958f1511e5ebb132cec36a3e7

SHA512
7bbba02cc308149402eea6b802af11a40b84ecb93dc2de9a4a7e1c03d3e8398134cd5d1ab28628e4be10be97b773d3e5b6c96a2116793464758b9e935ee00dfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d944ea8fa4b44f317bb08238ddf5f3b5

SHA1
9884ce76fb3f642e95f15733fdf978fe54003214

SHA256
281e73c4c73fab4759da45044d567fa7b014c42697ed5eee1df3009fed4c2913

SHA512
f75ce0aa661798997dee15dec24580f119fbf217a6a70b6d84884c48789ef9213090cad3ddf0dbf35827b97869eaf702d65adcaf07b69d9217d7d0cdad8f13c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d8a8a49eb47522ced00854751671bba

SHA1
c0c9a3c13f7d1bc2b6a4b9a52718f4143921611e

SHA256
f267ccf268a3fddf7ff5128919345392a5a158b24ba5e18b2b9a369312f8203b

SHA512
74da8b75f1f717d8899ecc2073c44094792f8056d16b00621d380c678788d7093b36ab6b4a3ad111e689749109ca2cd62864e4476f5444906130fde8f8166308

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99107018b6f2276453022ecf2999ade6

SHA1
074e8f0e00f7eef6db573008e1c96fa6abc478d8

SHA256
abfe88dc935081699ac8fbe61ce1f11beedcb81ecb66859917c53623d0969654

SHA512
f31367a1aba4de218026b3350eb00059df48b27dbed95982c4b647572c8ce3fa07cbfe46ae924956af0747a6e32eb5b164626243f335cc2004940f61e93e28f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86392043cb7b8b375a925e7a8412fcf8

SHA1
9f701eb0c37ef6efd1dd7a79a878498ff413e36f

SHA256
35360a4e673e3b97bc0213d2dbf243e06067173be3d8b5d54123979c8ccd7dd6

SHA512
4c95828366c7172de46088afea8ed583e30c3c93fe3eadb6d20764681b13d9fd88723e343281e464424806e47b8a50cc40b9d46a4ee2733015b145548df3a330

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76a2ac4bb9c1e6836c81ea9e159675a7

SHA1
1a4a68d829b0cca5ce89700cf877c9c9412fc784

SHA256
49622d89e4e6091af473cb39dab2e3629ba0756d90c5680d033becf41cd7b5f6

SHA512
8caef787baa7f15356934814676b9ced807826f47f9f5dc1da9bef3e2570427540bc05e728317a01850055a70b4bf04b703186e64ad8ffff715394e3d768084c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
799eb47abe5794060dce794e4041d6b4

SHA1
1b5c7e6c61573c55643c123cc3a8545e2fa12518

SHA256
46272b46b3344a53e046ddf5a5b8f3950454b0a47af49a6da6a4421a968fc9fb

SHA512
edc49a2892d649aa82fd79fa5c78f754e693c34ef901ee4eb33420c599a5e34c9391c1dbdd35e921539f40544a9c0595a701d1e0d5568fe15b3a84c6941d3af0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc1ecaf01af9483635bc5f077ece226f

SHA1
df3b1ae9bd231fd923c9d4a51aa71440e2f0084a

SHA256
65fbc2c6f4e6476a6cd4583604dae002c45200040945ccfb25405ac4740d1584

SHA512
3d0a27770ae9db5e12c7bdb11eb4b5cca94bc19f695f79a20dd8949652d4e8fb69dfb8ada309cc776e6e79c286b15e9e6230dc72f43ddb32dd6cdbbb2c1479e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
232d7fefba53157d6926d861cd05c38b

SHA1
d0159ef12402ea240f68f637fc3f3f4c0f395ac3

SHA256
fb9bc3c84912c9efd16df87749f1a795d7ae3707fb1bdc910d1d2abc8446d734

SHA512
05afda10c266040ef924520802f4c9837649d92372837ac5d55c6086d2ef9218eeaeea392c4186282eab716ebe84b451548cdea15b57ec289ecc13051e0dc187

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d9b37e03cb95b97a8b4c5f02046cbdc

SHA1
f05b60ae85be999afc36a1fcb460b1ceca972b8c

SHA256
aee30010947129bf5ddfcb06fad0901ac06a4f3ffa854447bedc986f32fc5071

SHA512
104a812e7abf307d708d95e93001d5b09db871aa8a597862a169f5e2131235bce2b7d7cd48d5f8d8f4a42d644b485afc922f977e4769777515e27d1d82ae5509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b44dae740051d53b3251e2c0236163a

SHA1
86a83f186c5d082306067467d03a449603623ca6

SHA256
aac27482dd477bb3e789398f14730f54b769895a1c660e39b61d75d719630cb6

SHA512
85d96515477f484b409b7ec7755d53b95279fbc2e2a0c729e03cd0cbd9ebd933f05b3773819fe101d9c5ea5f1658bdba3743b715f9cc0ccf90b61b5f735c6492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2bac432b77e34fbb01af917a8ae86233

SHA1
5e9282cdb62343920c5b35fb96d6e8f9a68c9ca7

SHA256
f002673482e9fa140c7e9bdcfed13281ecb3701a58412be1844ee316b8fa5464

SHA512
18c1fa33da912313a215bf963cda880cf6bb0e9ea23c836ce35352409d3dd3cf9deb0bc3cd69e5873bd04eb434de18fe03d0904cd21b7d82102d39ed1599e90b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a21e11ebd2c6ae8b5ed06ebf95c07ca6

SHA1
bd0d4cbe3979b017610edbdb0edd9e630127ae6e

SHA256
fa50b869af75461a506d864c74e0cae86f70789baa4e1e3a2a0f31b28de7692d

SHA512
3ea437e8d995e5a2731571067aebfde5f98da80891a533b88f056ea483c373668810cd0779d5e09aced84a3f635673ddef3b954d9eaf9909b58779e47a8c5198

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f32e6e5b27c0c0fbdf458cb7276687d

SHA1
891518285a944517c5d694290dc1a3e20e6b50d4

SHA256
8ce32bff8bfa43732a5d6e1494844b75630a94e97649661705693fdc8048473a

SHA512
648b89848b03eae4bd5a43f937c5cb5ba12c3a611e3257ca9b6a3b08de90145ad730a0232b25978f2a6da0e1726399d22ffc348918318fd78ae5979ac0b4a9b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8fe8b350-8cde-4bd2-9529-2c3002d84914.tmp

Filesize
172KB

MD5
aee58f503d15ba19227f758a87f1df9e

SHA1
ff3a5a9f0557a0d8517d6f23ee32aefb57577143

SHA256
7263578e04e72a10d92f8557cb3a75f2ebcdec027b54c084131b12c5af9a0a41

SHA512
7133426c7e25d9e07c8dcc3107cb09837662c5e88a903a9927689a3bae601487a019cd15279f0ad94017c5b1e09e967a5456b51cc4d41c0646ce4cbe377e8bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\8mmh3ym\imagestore.dat

Filesize
7KB

MD5
ba729e1bedb0f0fe2f894b162853e67c

SHA1
efa4991abaf8da110f6e66702b40264b12e577d3

SHA256
f60bd52c916b77926a4e65a5331649b6e83cb80572b6a7f2b7d3886160100375

SHA512
fc39e0bfb9547b6af2bb2b8c2eca138aa30eb160d41443181893b09ea9f38a84412f1b3050cd6a4887100f972e8975abeb1bc039009886f9ca1acff34acf536a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\8mmh3ym\imagestore.dat

Filesize
15KB

MD5
6dfd486b10daf1c1a9cd6f65a8ce7b5e

SHA1
c29ef985c247a607d487b4d16144f6312f7a907f

SHA256
21adbdbee0d3077b246e3777f75f166c37755b6c8ca4c79c53b8f1806fe4b71e

SHA512
cf447d1c558d63a69c383eb1ce78f682ae62dd21c40e20462268178ff71352e4ca1f3919343a30e1eb3b23846e2dd7d6d4a2c622f18683dac137e20f59af98e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\8mmh3ym\imagestore.dat

Filesize
15KB

MD5
6dfd486b10daf1c1a9cd6f65a8ce7b5e

SHA1
c29ef985c247a607d487b4d16144f6312f7a907f

SHA256
21adbdbee0d3077b246e3777f75f166c37755b6c8ca4c79c53b8f1806fe4b71e

SHA512
cf447d1c558d63a69c383eb1ce78f682ae62dd21c40e20462268178ff71352e4ca1f3919343a30e1eb3b23846e2dd7d6d4a2c622f18683dac137e20f59af98e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\134K02XQ\qsml[1].xml

Filesize
489B

MD5
bb0336359c96aa42a8c9a663a9113401

SHA1
ba296cd266a0e8187aff86a8d37f1e9577516fe7

SHA256
70f553fe9578a3715c52f2f761ec7fcd08b1a1dd37e5371d1dac805bc987e82c

SHA512
304035259b18ce4e83b2efe98146e91db3e93a09aaed4f7888a8071a749348cd9cbcfcd2afcb1b9d0d62b7d7de3145ec1847703048291637912dc2c9c5c3327b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\134K02XQ\qsml[2].xml

Filesize
512B

MD5
59e99971d3653d3916eda2e342411da3

SHA1
2bdc2d63ccad20d05186f5c3a9e1426948f17213

SHA256
feb4b9e9a7b2739df516f3a706b4f93ecdeaabe704c88e86b0fe448e5087f72f

SHA512
05afb9168d9eeed0963963cc08ff7f47f2f960e438deb90a7f6bd0af2e20284f430c3ffde11d5e576c0a8d6b56cf4fc788155ac44990b853a14834fdcfd5757f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\134K02XQ\qsml[3].xml

Filesize
571B

MD5
769289dda39a0a5663534ea28f565738

SHA1
f2d91bc67550b31f5e09ac23c923ee1b7d1de964

SHA256
bfc1bdf9a269641001cbe8f9b227490f5fcfbfcc1d615b7a8b2659e8b4d96239

SHA512
759c70c42a759df32eecbb100f62054bd15c5cc219ae3225edd722ee23ad111a3453ffedd43577d320b20af9e461e0e3561964470dbeb497a9c771bcd95f53ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\134K02XQ\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WCPJCZQ\favicon-trans-bg-blue-mg[1].ico

Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H8W0BHEO\favicon-32x32[1].png

Filesize
2KB

MD5
df4253088bb850c76f81c91db284d4f7

SHA1
46e3e3c42a159f22038d86bf39fbde118c91dcbf

SHA256
590d33ce64b321c321644bc8c840c354257371f8c247f776b788a5ce2c9bbc72

SHA512
7804f8507d35adc2a3f65a4fb017bc50219fd2ee326693dfc5011cc9e22df61f50533ee7eb597133ac69e502683b7089df89735f03e11807a4724564061b0b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab63B5.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar651F.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5E35N6Q1.txt

Filesize
606B

MD5
63d77f963f882a10bc66a02fa9bb9da7

SHA1
ea6c5b82fef6eb030b5bb3f0b98a78629bdfa7ad

SHA256
4be7f3970545c9788858fc50fcba79ba5b97c38cbcb1e8f99529b6d4739fdc0f

SHA512
4c3f498805e9c69e69a6797c9bb5844472601c34fdbce81f44dc7aace2c943e7352735ba3ec0892176b939dfecc9d8cfb0c2c2d7132ae97902566eb36c753e5a

Download Submit
memory/1200-54-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download