Analysis
-
max time kernel
1782s -
max time network
1785s -
platform
windows10_x64 -
resource
win10-en -
submitted
14-09-2021 08:50
General
-
Target
767c428b39eea2af874a39a4039c3b42bd51d80c53c8a420134b5297e32f909a.bin.sample.exe
-
Size
165KB
-
MD5
36699663f98931bdf573bc2fca7d867d
-
SHA1
0ea0ed6ce072b335d8c8714bc319daa8d824be72
-
SHA256
767c428b39eea2af874a39a4039c3b42bd51d80c53c8a420134b5297e32f909a
-
SHA512
3c09ddbdbb8bdabb0d24843153e0ce8982252fff73592257406b95f24871be9f7e56081bf7baf8d305f25e739bb1bb885253b8a1732178bc3fd480c887f147d8
Score
10/10
Malware Config
Extracted
Path
C:\3258mn_Wannadie.txt
Family
sodinokibi
Ransom Note
---=== Welcome. Again. ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on your computer has extension 3258mn.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A4C87711D83E2D0D
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decryptor.top/A4C87711D83E2D0D
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
WBUpiXPQL2fQuRdGVPEN2VE4FZJPpS8HZv6zBZrylNw5SdApMEHDXWPneP2aJQCX
IxhuuCPydVu6x3K8Bh4+/Pw1iLHPIZbilDjdVgEAuxCSUbD0cSKhTEgMXDWaEhjq
gqzAMvtEkyGqQGCdBvtLDMqdP1I52l29U0anBbCZvEqrZJpqrRafZTcCArdeAJDQ
jC/QcNZPFUxkEg4OWIp+jQ5tx33eYpFTTKOoZALO2Df2ztPk6tKPpb/9xxxgIDzh
CAXoI57Jd6DK2weDJIV9Uwx/PPWXsQ7MDb4fYVj/S55HYtMnrjDackw/h08HpF8h
+gb6QkMAbBMr4MFMaPWerb4BVUvqT5ISHS9IlUdhSPtS2D96dZT8s/r2e4jP/wKX
FU93WCdqbVFbZ+AQFrZIo6wUBifS14SDcDr1B7ygtDuUDvefu1vv2AutA/psa108
yG4txo82tXAuNNlN25YTNrl+eEuT1ugp8RhyoGWhaDlrBCUQ05K57lfiAVIs9bYB
Lxv2+BT+bfI9qobGDJIV75SSDJZlEL6tS5YGTPLar6LKkzXv/rRFyv+QtVk/DkvS
gMHDvBn4VbHud9qcWwk2ZnQlUMS7ivgxhzvKyEOkZBcEYPyjpURy3zQaKTfaMW08
hHqLIti54OdkSCb9vfaYBHZH0S8PiEbXdq1nImisocP4YfGZ577CnbY/zQvcgU4/
qoutsv0CHFs0ctb+IBwHIIxGJwRD/N9QPqNJ8tXFTKgyR1Ubt2bkzG6NWHLP2UlW
ZdwsUOoGHjOSjAkJ+z8W2jgQ90GBVr+81cdFbpW36OTzJyDIkRqCnbRGO6N/1cpL
FiRbhxYZbzdACmrR4mFVqezOSsh20NvMZ8gxc5L41TfJ+JwlZ4uNTNfTH6qF8Mcp
QZe683rWWm0dka893uRbFXgI1Y3lfUzZINCAow/3vfpD9U4iwuASnAMsMCL5JaND
u92XxU6ttFlX7gSuagyAMS2PW1ek7iW3ySeF74rZvX73kdfr2v5aG5A7CB2unFQo
+6CoWMSU5Kakm23FbnAfma+8VoTjQDr2cYlnqu1TFeZYCrDPIyUHw/d6Ys8Z/K3x
KQfFgPfOfQ7rdHJLWO9gcjomipKw1/xmUNkE3cVTc62joh3FdCorC0zneBg=
Extension name:
3258mn
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
URLs
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A4C87711D83E2D0D
http://decryptor.top/A4C87711D83E2D0D
Signatures
-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
suricata: ET MALWARE Known Sinkhole Response Header
suricata: ET MALWARE Known Sinkhole Response Header
-
Modifies extensions of user files 11 IoCs
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 25 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Program Files directory 38 IoCs
-
Drops file in Windows directory 64 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies system certificate store 2 TTPs 16 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\767c428b39eea2af874a39a4039c3b42bd51d80c53c8a420134b5297e32f909a.bin.sample.exe"C:\Users\Admin\AppData\Local\Temp\767c428b39eea2af874a39a4039c3b42bd51d80c53c8a420134b5297e32f909a.bin.sample.exe"1⤵
- Modifies extensions of user files
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -e RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA==2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\unsecapp.exe -Embedding1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\3258mn_Wannadie.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=93.0.4577.63 --initial-client-data=0xa8,0xcc,0xd0,0x6c,0xd4,0x7ffa06eba380,0x7ffa06eba390,0x7ffa06eba3a02⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3256 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3168 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5624 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5248 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5900 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6024 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5720 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5644 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\93.0.4577.63\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\93.0.4577.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel=stable --force-configure-user-settings2⤵
-
C:\Program Files\Google\Chrome\Application\93.0.4577.63\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\93.0.4577.63\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=93.0.4577.63 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff793986ee0,0x7ff793986ef0,0x7ff793986f003⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5320 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5276 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5968 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5732 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5568 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5344 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6536 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6676 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7408 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7556 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7704 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7836 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8128 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8236 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8248 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7296 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7880 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6932 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7116 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7232 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5328 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --field-trial-handle=1576,10159177567567205097,7909354378332434954,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datMD5
b9e3587a91b2f4c63287da3dc200c4e8
SHA1f5eedb75b1a20ca96d6ca5de71fa3a67c4c45452
SHA256ca200deeda530c93be8744d51c27601ca0651aae7f8fd8d283f6d39b4eb82018
SHA512e723f45249ad3b6e3a9f8299141850b1f4d3f5c618c20176bfdca88f45f04d8ebce075b948659e5825cc0f6144f9d6c79e94fe87fd93b08e3e0024cf9cb249fa
-
C:\Users\Admin\Desktop\3258mn_Wannadie.txtMD5
3cd108dde93c14a9f526d5acefcd8edc
SHA134b28ea94baacaf921f446f6cc7a0ab282c7d543
SHA2568be8587eeb9d34b80027319d7ed0e5f70aee953f83d49dd87878367479dbc3e2
SHA5127e2df1008269efbb2d5ec952348550e4b196bd257d42af361bc7db7cc7e3101e04b778221d288a607b89b3003572ec6f15bc37257e02d7ed06b8fbe84c1d1cec
-
\??\pipe\crashpad_2036_IGGFVQEYPTGTBOLMMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/352-423-0x0000000000000000-mapping.dmp
-
memory/596-163-0x0000000000000000-mapping.dmp
-
memory/908-218-0x0000000000000000-mapping.dmp
-
memory/1020-127-0x0000019032403000-0x0000019032405000-memory.dmpFilesize
8KB
-
memory/1020-135-0x0000019032406000-0x0000019032408000-memory.dmpFilesize
8KB
-
memory/1020-123-0x00000190325C0000-0x00000190325C1000-memory.dmpFilesize
4KB
-
memory/1020-115-0x0000000000000000-mapping.dmp
-
memory/1020-120-0x0000019032410000-0x0000019032411000-memory.dmpFilesize
4KB
-
memory/1020-126-0x0000019032400000-0x0000019032402000-memory.dmpFilesize
8KB
-
memory/1028-375-0x0000000000000000-mapping.dmp
-
memory/1264-231-0x0000000000000000-mapping.dmp
-
memory/1380-371-0x0000000000000000-mapping.dmp
-
memory/1384-176-0x0000000000000000-mapping.dmp
-
memory/1888-137-0x0000000000000000-mapping.dmp
-
memory/2216-192-0x0000000000000000-mapping.dmp
-
memory/2592-205-0x0000000000000000-mapping.dmp
-
memory/2620-235-0x0000000000000000-mapping.dmp
-
memory/2680-197-0x0000000000000000-mapping.dmp
-
memory/2688-158-0x0000000000000000-mapping.dmp
-
memory/3284-181-0x0000000000000000-mapping.dmp
-
memory/3332-159-0x00007FFA21510000-0x00007FFA21511000-memory.dmpFilesize
4KB
-
memory/3332-157-0x0000000000000000-mapping.dmp
-
memory/3604-240-0x0000000000000000-mapping.dmp
-
memory/3604-171-0x0000000000000000-mapping.dmp
-
memory/3628-138-0x0000000000000000-mapping.dmp
-
memory/3640-185-0x0000000000000000-mapping.dmp
-
memory/3952-152-0x0000000000000000-mapping.dmp
-
memory/3968-220-0x0000000000000000-mapping.dmp
-
memory/4144-245-0x0000000000000000-mapping.dmp
-
memory/4172-250-0x0000000000000000-mapping.dmp
-
memory/4220-331-0x0000000000000000-mapping.dmp
-
memory/4228-255-0x0000000000000000-mapping.dmp
-
memory/4280-401-0x0000000000000000-mapping.dmp
-
memory/4300-336-0x0000000000000000-mapping.dmp
-
memory/4312-260-0x0000000000000000-mapping.dmp
-
memory/4404-341-0x0000000000000000-mapping.dmp
-
memory/4428-267-0x0000000000000000-mapping.dmp
-
memory/4432-413-0x0000000000000000-mapping.dmp
-
memory/4436-346-0x0000000000000000-mapping.dmp
-
memory/4460-272-0x0000000000000000-mapping.dmp
-
memory/4468-350-0x0000000000000000-mapping.dmp
-
memory/4516-277-0x0000000000000000-mapping.dmp
-
memory/4516-366-0x0000000000000000-mapping.dmp
-
memory/4532-356-0x0000000000000000-mapping.dmp
-
memory/4536-418-0x0000000000000000-mapping.dmp
-
memory/4564-281-0x0000000000000000-mapping.dmp
-
memory/4588-361-0x0000000000000000-mapping.dmp
-
memory/4632-284-0x0000000000000000-mapping.dmp
-
memory/4692-288-0x0000000000000000-mapping.dmp
-
memory/4708-291-0x0000000000000000-mapping.dmp
-
memory/4716-381-0x0000000000000000-mapping.dmp
-
memory/4724-384-0x0000000000000000-mapping.dmp
-
memory/4732-295-0x0000000000000000-mapping.dmp
-
memory/4780-299-0x0000000000000000-mapping.dmp
-
memory/4824-393-0x0000000000000000-mapping.dmp
-
memory/4844-390-0x0000000000000000-mapping.dmp
-
memory/4848-304-0x0000000000000000-mapping.dmp
-
memory/4892-308-0x0000000000000000-mapping.dmp
-
memory/4932-314-0x0000000000000000-mapping.dmp
-
memory/4976-398-0x0000000000000000-mapping.dmp
-
memory/4988-319-0x0000000000000000-mapping.dmp
-
memory/5068-324-0x0000000000000000-mapping.dmp