a5976459e2c2d761c442eb523ab3f8b2c6b64e95e3d4821ba070e573f52d6f98

Analysis

max time kernel
271s
max time network
276s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2023 12:24

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Inferno0_0_1.jar
Size

12.0MB
MD5

c1828ed9e29ddcc976bb0720bf8b3cf4
SHA1

521c5ed7a107c4f9a861b252e398879c6a8fc5b9
SHA256

a5976459e2c2d761c442eb523ab3f8b2c6b64e95e3d4821ba070e573f52d6f98
SHA512

8590bac98adfe1ed8931a797735febdbcd21e6dba96155b903593ad1853da1b1b826b007985b76573df6932766e54885489e6494d8d13eb51d7b5591707f8895
SSDEEP

196608:mBR5kC5fm4WV2EQlbVrnTYyaBGw6eh6C751mFjawzhCj74SXqTatXxn8vfKtKR:BCRWqrTxMDRHdsjaMh6p6TaOR

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	TLauncher-2.885-Installer-1.1.3.exe

Executes dropped EXE 2 IoCs

pid	Process
2964	TLauncher-2.885-Installer-1.1.3.exe
4204	irsetup.exe

Loads dropped DLL 3 IoCs

pid	Process
4204	irsetup.exe
4204	irsetup.exe
4204	irsetup.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4572	icacls.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000022f3d-561.dat	upx
behavioral1/files/0x0006000000022f3d-575.dat	upx
behavioral1/files/0x0006000000022f3d-576.dat	upx
behavioral1/memory/4204-577-0x00000000005D0000-0x00000000009B8000-memory.dmp	upx
behavioral1/memory/4204-908-0x00000000005D0000-0x00000000009B8000-memory.dmp	upx
behavioral1/memory/4204-1043-0x00000000005D0000-0x00000000009B8000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133442656444530037"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "85"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350690463-3549324357-1323838019-1000\{94AACF92-E614-43D9-A00B-CD1B0D74B956}	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1464	powershell.exe
1464	powershell.exe
1464	powershell.exe
3564	chrome.exe
3564	chrome.exe
3964	msedge.exe
3964	msedge.exe
1468	msedge.exe
1468	msedge.exe
3708	identity_helper.exe
3708	identity_helper.exe
5116	msedge.exe
5116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1464	powershell.exe
Token: 33	3908	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3908	AUDIODG.EXE
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4204	irsetup.exe
4204	irsetup.exe
4204	irsetup.exe
4204	irsetup.exe
4204	irsetup.exe
4204	irsetup.exe
1164	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 4572	1180	java.exe	88
PID 1180 wrote to memory of 4572	1180	java.exe	88
PID 3564 wrote to memory of 4076	3564	chrome.exe	122
PID 3564 wrote to memory of 4076	3564	chrome.exe	122
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3516	3564	chrome.exe	124
PID 3564 wrote to memory of 3248	3564	chrome.exe	125
PID 3564 wrote to memory of 3248	3564	chrome.exe	125
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126
PID 3564 wrote to memory of 220	3564	chrome.exe	126

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Inferno0_0_1.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4572

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1464

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x448
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffb05fc9758,0x7ffb05fc9768,0x7ffb05fc9778
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4668 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3856 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5240 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2224
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff660597688,0x7ff660597698,0x7ff6605976a8
    3⤵
    PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5416 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3400 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3416 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6064 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5316 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6036 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3200 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6052 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4076 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6072 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6364 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6412 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1688 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6652 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 --field-trial-handle=1908,i,6074128742390139182,14372957102758785909,131072 /prefetch:8
  2⤵
  PID:4420
- C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe
  "C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:2964
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe" "__IRCT:3" "__IRTSS:23661420" "__IRSID:S-1-5-21-3350690463-3549324357-1323838019-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:4204

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb05e846f8,0x7ffb05e84708,0x7ffb05e84718
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10125752802489263133,13878293086066235905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38f4855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
6a26fcc5715a73744e8ff36fa64ce24b

SHA1
9a829a4f39e35afff28a7e39a82dc652f496b4d5

SHA256
0f95d2d11d86ebc9d4aecaa2376190ec0b47211a2ae09007a748f487d1633020

SHA512
90617b875867d4c8d9e48288378440c45ec6ebb0d8fbd774990caec5c8e72bf2dede204a123c5c868e34238cecd245b1214998ec7c40d1f05ec01975c43ac079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
183c68fe3cabc35e3ca25e5be217f57d

SHA1
193bdb85e52c51056253cef541ae82783e2aaaf3

SHA256
fd22949a74c66fbb34c6b2cc476267c753153d0efd348c5d0d0d5f9af74011e9

SHA512
9ab48d49790d81f6660cbb9d6e6e264e7fc342a6fe56e2fd20ad3ca123c0d8313fbe5953af4986f93717b9439fb9ce6fab101e8f5eba65431d405f446f46e6c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
56b87ce1fba439c70185b85fe2080004

SHA1
640fac70fdef8cac158f1a8055d14a565c1878d6

SHA256
b441ef71054404f4a40fcc40555461c4c6700fbd6cca5e1c89439eec634e39b9

SHA512
9f719c538c490d3a7b22ae192f81a6c0f6b8ec60183cee9caa5db8955c1ec86104a03b1527bd8e5a4c3fb8dbfb26908b07df5cd891c659c6b7771d243c534fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5178dc0fd4fef806bd369954b8a961f9

SHA1
de8c9c85f1bce07bee122b86250488eb8d256444

SHA256
7986a149c83098e876c16c2bff0139b479fe0aee313d13a50c40d499998cce46

SHA512
b847c2826d55dca642129e2312c5ddaf89624a444b97443be892668893fcdcd4803c7caad9caad5eef534ff165e0f9fe461436d439a28315a44236d964f10bcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da0b7bec17a7e352c10ff7c9ac715efb

SHA1
a3533493403454247d9bf64ed819dd4f21372690

SHA256
a87ef2141ccb936c4e38fc3fb9f7a54bf892385efdc6162f49e0b12a4013a74c

SHA512
6e4fed28cc83fee01319d46a18ff65f46fe93cea292a00c3302e16ea234e50027265a6eabdd24384e6ccb50ffde73c4e6bcf58b4ce84990ea3ba548391333263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1eeb11af4b82f92ac7022a399f6b982a

SHA1
a5dc2ef8cab6308e6345266a8d54ace88654f481

SHA256
2a879d82fadd6496ac378dae36c6658c7d0dcac148c8af711b2395899f08512b

SHA512
d4a0cbae854aa10d2f4662cebd414e69c96afc6bca3eba32b47e8b7d00a9511b9444c7b6cac29eb4d2f28aa3ff5ca608428329ad090be70400bf5923ea381dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f6b6630ac022b185ac97c2f7ae0abb1c

SHA1
51d270b2aef9f1e15961c86e25d303394a69e4b3

SHA256
744418bd11037b1c843a3e26c3b51669a2690ddee33296177f8562506f6dd027

SHA512
e95ddd8c7c3cd904363737f491a7088aa061fbaf080cc7ac9732835d7e7235467f90afaef57d498f6af7b8136f8cb938630fa1fcd7fc915f13c6d12505eeede9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
40644fba9e5de0f84589102c8d6bd86e

SHA1
2639a4350b2e9643a5526382a3af4a9a820737eb

SHA256
10c95a917bbd1a5da63ef979fb8dd50b69e05200065882643ec294b48ca29ced

SHA512
226c4db2ab61d3fbddc2c1ae784c9fccddfbade9ab37ebb3ad04155d2d7348ccac5fda08ca9a3cd2aac9a7e8ff8ae8124331e7c6029e9b84a3d034801471c6e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
933d662125d4bc90e9030f5f137bbe3b

SHA1
da53f2ba515bbf8c9c96d6b6b560443f1d353bee

SHA256
fd70d0e6cac9eae0acee2dba1b2c9701fabdbddba44f08ecbd77d28090cc9345

SHA512
67b0b54f6402c2e9fbcaa1b721c60c3832bbfc5fa5ae7e7cf142c191d5ed4ead03f6b1192b1abb61336c706117ed01b9ed24ceb593be06abccbdfb427dcca871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1e1de626865e322fcd3fa436bcd4da21

SHA1
e62a1daf121602dc09cb354da566432400aab387

SHA256
c34fa288966269bdd02a7063d718285e97a586bf0c065bd31b37d197ce55adf0

SHA512
d0061791723c1095cf4d7186601003ea42254806193bbfbc7dac31d29bf8089f393f476626e20d0a1ede618b4168d34f51e817315400cbad110d3564ec1bebd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0507f48f745b3fbe91fb4276623d9f83

SHA1
f1d05b07e0832d041a87ad32be61e99ca96f83ac

SHA256
d6e10412b6f4a6da20a0bf48b977ef7a9d71413cc190ddc52d608d43b1dc00f5

SHA512
f840ea31697838df5e71549249c3497d8649146435ad08bd52a8871123621ce67bb880d46d8c9dd9e45ba9abb3256c4ae224582708134f47b5c147f1b2cb8274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b9ffd9ac17f1051c7b89a9cba09e4d6e

SHA1
f35b836f65cecc6043508ce382757fe1aaf021fb

SHA256
5b36c420d32eb3e409cb8d3d3651616d4020cd724523176c279447fd19b4b0df

SHA512
c90411952a2df747d97545f200b1bd362cffa581d94afad2a66c58398523cf5a8222a4e05c73c77418274d62e0a66156227486c36f02b807eaf72ead8a00724e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e2c007cb211dce305e88e6fae2d9e643

SHA1
63eb95e19cfdd608e1a450491dd883a4b8f957e6

SHA256
0de39bd1e642d1688d001eb4ab9e3d386ae610d79c19002c94d3278eacaf7902

SHA512
deb7c9f3c4da85f70c3c14484d0d6c0cf1653f4f6f5a1267d36b05f9eb81189ce09ba2a1fa2f461023e836d9226b39adbcd2967c6b5b21ac540b0d6ca2637cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9aa6e3d0c1d4e52611d2fdbdb177578e

SHA1
523f9afab3bb06629478e9e553ac9ff263275ba0

SHA256
0a69b0a2665bba842389ac7fc23e77b56d04bd682825e7930595711ec4bd8be3

SHA512
0eeafb5cb995688d88ccbd9a4c9fa6d95a5ab654f0f49d37620c5bc1bfc7bbffa8d708b07ae5ef9e8e29a3bfcb6d457a493734ec502b157b072bc53d33e37767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
f0c75a8c9a8722778bffafd7bdfee72b

SHA1
94e2a2f016c13521c60fe73390091739406a2653

SHA256
7acf671320bd9e459f879ba85615e348b251b77750051d8686746c663581a455

SHA512
a70a40e3053fc04c80f70139177641d479b3be8c2a8251a03839e504e59817f3aef5d2a6ee36569bd59fa0103c5fb82a8b4b3839df1542d134b4fcc49ada97d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
48680537a60bfb8bcaa09a9e4a29dab1

SHA1
a435582b1fe63974e4fdc68bba0765b0f9936143

SHA256
c245b389bd8047832026ad8bafd5f2591f2dcf9c85a17d7a50f2c2861e3d6002

SHA512
ffb386c945f6ec15053ed7fa4d533678f27026fcce9f33898dd91b884183c738de46ce4338b6de91b90627b6d9fa3242e4e95972cc3b645586ad14c6ce526d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
520c5bd31dab87cdb3833bdf6ea419df

SHA1
763174f4b88f85cda8d2ace927727d7e5bb0e183

SHA256
4c881cccfbae30b95946a749c9a00649aca0a027fa1d341e66656ba13b71a2a2

SHA512
3e3d0de85e8bad510b116a115019ab69f325ab92dd2cb9600c0ce60ce152be0b4102067645112c37df4a9c2a7c0a33ba47c8849fcc78f1481aaa76e51a77bc7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
4d5bae50e1f4f59a8eb5bd103e55757d

SHA1
d06bec96987f88a53276e4d9ce1e003fa0b41255

SHA256
938e825c378df66ab2d29d3aa74a8ccc42ced864562601c6fa493492656fae48

SHA512
9c9163d50fca9a48df3933db5a536b0de799d54554addcb1580955eb2bbc4de6aa916beb842cd623035e72d27aff48a5e34b2c9759ca0bce418c41391c3fc673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a7205.TMP

Filesize
109KB

MD5
439f2029cd2192ae4b7cd5d12c81df8c

SHA1
a35925ac8c7e97b2675dfd6dbb18ce0241259245

SHA256
ffe41f4f150e1b7cd9dae53145c347d072071e34d43d5bcbf7f7fd9a4023271e

SHA512
b3fcd23623a33bb54fbabc23523023410f5374548182b8577e7c6c9334f22c250ea2bc5b3bb667e7d1b3bc6c536aad131bf7b8a8622391250e171777e1dca792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
25a0b072c7cab5d9b27356626798c39d

SHA1
01cdf7c6314dd192493139ac4ff2342e38e212b3

SHA256
e1e695da8a9ec5f5dc452878bfc207514e596e0d2fefee356cfa601a8cc2304c

SHA512
182746b135d4fe6c42543e6e85529f7676c44a645cdb17bbdcd9ed868c899c1f9b1885283b8ef0dff13b9559de9e7c3a7fc9e80c3198999aefe76ee4bed8d8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
396B

MD5
21130b2b3a269b4aee267406e79d32e1

SHA1
7b75358210aa6b1fe50a3479e339c12efd4a84ff

SHA256
14ff8a7bd246140e3a72f62f1f9989b095f13b6e8ecbdde270a106e4a65ea8ca

SHA512
436df1cd0b8ded8fd1dfe342506ea99603c4ce2717238a2c3a83bd1287543a29e118b0fac8b43183c189a0e917029aee655a7fec61d03cc3f852438a0f3816b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddb223f7c27200dd98082f31f32f59b3

SHA1
10842b66dca1feb7780e007efac248c078c1acf7

SHA256
cd7bb81040c8c381e6eccab06be13a364b43dcd0451a2dfd65c43fb37dc53c06

SHA512
954d054f1aade37a7735e799a6d912dc77b9e141a41eef811f0ebe35cb3711c99e84f30a76d338ec1aded561d8a1538683999e25e646ed515446594305eed153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d53ecf47381434bbd6f5d9bd688a40f1

SHA1
51b0da4ba0609b070e7dd4f04135425ba43c1a4b

SHA256
c02ca93ea98dda13a3c931bf0ff590772746cfd6f0f280f42f5cddd6a1f049d8

SHA512
6d1b7181d7f71f2eab855dca0ecb6195a9a5696f11dffa6edd15698f325d455d7c994d26b97e06533c2041de3f3abb26f263f8a167d2a2fff9b3f3e6f256ab94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3fad70a927238eb6ab42bb47c3b3d769

SHA1
4aff54ae44e37440859bff754871f21b5b88f658

SHA256
30ae966143a180d22294e201a9575138540bc3955e2e0b6779ed7632d8023b4e

SHA512
3d25c00b89e92e7847c27cd3ba90849a3e8d145d5a66d6ca891881cb5c4f96e73d4553f329f7109447cf5b4eb403dd7ebe9311f8fb12cd25abdabca30c639c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd29cb2d23265aa835786620e39451c8

SHA1
4e28a99eae8531ae72e14a8df911f8dfe346fbba

SHA256
9ac6085a0e790bb1d8d2e72fcca9c1007ea46ec06350aafffbd2ddaa4be12a57

SHA512
5d5c5fc66fccdfa0f8debacad4cf0e13cf91a0929c1160b04eef86637e2c4fc34556899f2fa071d97169d6fb3535f0037ead62fe9a812abbfa8a3f8f1985344b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d6c7c29b2906022f6c8351c8de321af1

SHA1
1b756b8bcdcdcf0320f1644554c2ce437ad7e1c3

SHA256
fba10b106de3e696c5902f635a9a15c2de22c3bb65794115a8d96e7c8cf7bbc6

SHA512
37571e9f1723e39ccd737168dd8e91a011ae1789c492b9bd9c15a84e924d93a573f8a87c79f2e3b63e65baca03e96f8444023b8bb549913f3f7e582d2f6e1781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
48ec168368f75c6e56158b2ff3825497

SHA1
54e7ea11b28a67940116acce16de9c96362fcbdb

SHA256
379af54e4fec7c2fc1f4733bae7d03898b9b1a2e66fda042423ad2b0eb3bc04e

SHA512
1d3a615b6182d61d884b9ca70bcc6fe9c0b24527429ea1d8a796a7df32b017c41cea64c5f109ded2ac40dc45d87b9e0988b3934accaa1ebc57750eb49c689d6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tox3djem.vvb.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.8MB

MD5
cb50d496ae05fa1c8bfbcb3b7f910bfe

SHA1
3ec4d77b73c4d7e9858b11224314e99d082497a8

SHA256
7616c72f6659a3a2439d0452190459cd4ceb83fab2307e3e47c9604fa29d9f34

SHA512
22051de06c7e52a37ad36250aa095a8ccc0b0e1cdbfa2e9073c146e77e278cbdbe89bdb078dcfd8babf48baec1902b303ac39cc9db4114ce1516b06552dc924d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
a70accbc1f1001cbf1c4a139e4e5d7af

SHA1
138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

SHA256
b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

SHA512
46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
a70accbc1f1001cbf1c4a139e4e5d7af

SHA1
138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

SHA256
b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

SHA512
46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
a70accbc1f1001cbf1c4a139e4e5d7af

SHA1
138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

SHA256
b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

SHA512
46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe

Filesize
22.6MB

MD5
bd3eefe3f5a4bb0c948251a5d05727e7

SHA1
b18722304d297aa384a024444aadd4e5f54a115e

SHA256
f1b132f7ecf06d2aa1dd007fc7736166af3ee7c177c91587ae43930c65e531e0

SHA512
d7df966eeda90bf074249ba983aac4ba32a7f09fe4bb6d95811951df08f24e55e01c790ffebc3bc50ce7b1c501ff562f0de5e01ca340c8596881f69f8fed932d

Download Submit
C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe

Filesize
22.6MB

MD5
bd3eefe3f5a4bb0c948251a5d05727e7

SHA1
b18722304d297aa384a024444aadd4e5f54a115e

SHA256
f1b132f7ecf06d2aa1dd007fc7736166af3ee7c177c91587ae43930c65e531e0

SHA512
d7df966eeda90bf074249ba983aac4ba32a7f09fe4bb6d95811951df08f24e55e01c790ffebc3bc50ce7b1c501ff562f0de5e01ca340c8596881f69f8fed932d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 484712.crdownload

Filesize
22.6MB

MD5
bd3eefe3f5a4bb0c948251a5d05727e7

SHA1
b18722304d297aa384a024444aadd4e5f54a115e

SHA256
f1b132f7ecf06d2aa1dd007fc7736166af3ee7c177c91587ae43930c65e531e0

SHA512
d7df966eeda90bf074249ba983aac4ba32a7f09fe4bb6d95811951df08f24e55e01c790ffebc3bc50ce7b1c501ff562f0de5e01ca340c8596881f69f8fed932d

Download Submit
memory/1180-11-0x0000023C61C00000-0x0000023C61C01000-memory.dmp

Filesize
4KB

Download
memory/1180-4-0x0000023C634C0000-0x0000023C644C0000-memory.dmp

Filesize
16.0MB

Download
memory/1464-25-0x00007FFAF3760000-0x00007FFAF4221000-memory.dmp

Filesize
10.8MB

Download
memory/1464-24-0x00000132430E0000-0x0000013243102000-memory.dmp

Filesize
136KB

Download
memory/1464-26-0x000001325B490000-0x000001325B4A0000-memory.dmp

Filesize
64KB

Download
memory/1464-38-0x00007FFAF3760000-0x00007FFAF4221000-memory.dmp

Filesize
10.8MB

Download
memory/1464-33-0x000001325B490000-0x000001325B4A0000-memory.dmp

Filesize
64KB

Download
memory/1464-32-0x000001325B490000-0x000001325B4A0000-memory.dmp

Filesize
64KB

Download
memory/1464-31-0x00007FFAF3760000-0x00007FFAF4221000-memory.dmp

Filesize
10.8MB

Download
memory/1464-29-0x000001325C460000-0x000001325C4D6000-memory.dmp

Filesize
472KB

Download
memory/1464-28-0x000001325B3B0000-0x000001325B3F4000-memory.dmp

Filesize
272KB

Download
memory/1464-27-0x000001325B490000-0x000001325B4A0000-memory.dmp

Filesize
64KB

Download
memory/4204-1044-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4204-577-0x00000000005D0000-0x00000000009B8000-memory.dmp

Filesize
3.9MB

Download
memory/4204-869-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4204-875-0x00000000030B0000-0x00000000030B3000-memory.dmp

Filesize
12KB

Download
memory/4204-908-0x00000000005D0000-0x00000000009B8000-memory.dmp

Filesize
3.9MB

Download
memory/4204-909-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4204-1043-0x00000000005D0000-0x00000000009B8000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads