Resubmissions
22-01-2023 20:25
230122-y7pcgabf5v 1022-01-2023 20:21
230122-y5dsysbf4z 522-01-2023 20:19
230122-y379sabf4v 1022-01-2023 20:19
230122-y3v98ahf66 1022-01-2023 20:17
230122-y2v8tsbf3y 122-01-2023 20:16
230122-y2abcsbf3w 1010-01-2023 18:37
230110-w9tc4aha24 10Analysis
-
max time kernel
1028s -
max time network
1218s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
22-01-2023 20:25
General
-
Target
WannaCrypt0r.zip
-
Size
3.3MB
-
MD5
e58fdd8b0ce47bcb8ffd89f4499d186d
-
SHA1
b7e2334ac6e1ad75e3744661bb590a2d1da98b03
-
SHA256
283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
-
SHA512
95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c
-
SSDEEP
49152:0x8KJHkctwJdVlgBq+q1vqtWdhQIajy4AsOLgVv+L3QXz+B7m1qyapDgJmeiTLW:0x8KJX+dVHvtzaj3xWgw79icXW
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@Please_Read_Me@.txt
Family
wannacry
Ransom Note
Q: What's wrong with my files?
A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted.
If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely!
Let's start decrypting!
Q: What do I do?
A: First, you need to pay service fees for the decryption.
Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Next, please find an application file named "@WanaDecryptor@.exe". It is the decrypt software.
Run and follow the instructions! (You may need to disable your antivirus for a while.)
Q: How can I trust?
A: Don't worry about decryption.
We will decrypt your files surely because nobody will trust us if we cheat users.
* If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.
�
Wallets
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Signatures
-
Detected royalmail phishing page
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Downloads MZ/PE file
-
Drops file in Drivers directory 18 IoCs
-
Executes dropped EXE 64 IoCs
-
Modifies extensions of user files 24 IoCs
Ransomware generally changes the extension on encrypted files.
-
Registers COM server for autorun 1 TTPs 64 IoCs
-
Sets service image path in registry 2 TTPs 5 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 2 IoCs
-
Loads dropped DLL 64 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Detected potential entity reuse from brand microsoft.
-
Drops file in System32 directory 12 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 5 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 17 IoCs
-
Modifies Internet Explorer settings 1 TTPs 14 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 6 IoCs
-
Suspicious behavior: LoadsDriver 7 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 60 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\WannaCrypt0r.zip2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94e54f50,0x7ffa94e54f60,0x7ffa94e54f703⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1608 /prefetch:23⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1996 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2340 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4428 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4580 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4756 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5028 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5048 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4556 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5040 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2904 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2376 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=912 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3676 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1084 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6472 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5740 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5532 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6692 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7340 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7532 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7688 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5876 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7356 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8092 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1600,3586252258266343464,4464916356526363935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8112 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\697158bcade7373ccc9e52ea1171d780988fc845d2b696898654e18954578920\" -spe -an -ai#7zMap32299:190:7zEvent194562⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\" -spe -an -ai#7zMap1683:122:7zEvent222062⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\" -spe -an -ai#7zMap28013:162:7zEvent152462⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ProcessMonitor\" -spe -an -ai#7zMap4930:90:7zEvent217772⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\ProcessMonitor\Procmon64.exe"C:\Users\Admin\Downloads\ProcessMonitor\Procmon64.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Sets service image path in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\ProcessMonitor\Procmon.exe"C:\Users\Admin\Downloads\ProcessMonitor\Procmon.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Temp\Procmon64.exe"C:\Users\Admin\AppData\Local\Temp\Procmon64.exe" /originalpath "C:\Users\Admin\Downloads\ProcessMonitor\Procmon.exe"3⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Sets service image path in registry
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\ProcessMonitor\Procmon64.exe"C:\Users\Admin\Downloads\ProcessMonitor\Procmon64.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Sets service image path in registry
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffa94e54f50,0x7ffa94e54f60,0x7ffa94e54f703⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:23⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1912 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4592 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4724 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4852 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --reenable-autoupdates --system-level3⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff6483da890,0x7ff6483da8a0,0x7ff6483da8b04⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,17136892545627107500,5612161358816664740,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:13⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\TCPView\" -spe -an -ai#7zMap28239:76:7zEvent173372⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\TCPView\tcpview64.exe"C:\Users\Admin\Downloads\TCPView\tcpview64.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" /select,"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe"3⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" /select,"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe"3⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94e54f50,0x7ffa94e54f60,0x7ffa94e54f703⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,4234081811358408438,15449087050077599206,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1620 /prefetch:23⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,4234081811358408438,15449087050077599206,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1948 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1608,4234081811358408438,15449087050077599206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2296 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,4234081811358408438,15449087050077599206,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,4234081811358408438,15449087050077599206,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,4234081811358408438,15449087050077599206,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,4234081811358408438,15449087050077599206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4436 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,4234081811358408438,15449087050077599206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4576 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,4234081811358408438,15449087050077599206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4600 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,4234081811358408438,15449087050077599206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\Ransomware.exe"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\Ransomware.exe"2⤵
- Executes dropped EXE
- Modifies extensions of user files
- Drops startup file
- Sets desktop wallpaper using registry
-
C:\Windows\SysWOW64\attrib.exeattrib +h .3⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\icacls.exeicacls . /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 35311674423156.bat3⤵
-
C:\Windows\SysWOW64\cscript.execscript.exe //nologo m.vbs4⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe co3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exeTaskData\Tor\taskhsvc.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exeTaskData\Tor\taskhsvc.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start /b @WanaDecryptor@.exe vs3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe vs4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet5⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete6⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "ogbxohhg056" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f3⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "ogbxohhg056" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f4⤵
- Adds Run key to start application
- Modifies registry key
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exetaskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\Desktop\@WanaDecryptor@.exe"C:\Users\Admin\Desktop\@WanaDecryptor@.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /42⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@Please_Read_Me@.txt2⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /42⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94e54f50,0x7ffa94e54f60,0x7ffa94e54f703⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1720 /prefetch:23⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2036 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4564 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4576 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4568 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4988 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5156 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5628 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1676,9506964163727346991,3907139486441225426,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94e54f50,0x7ffa94e54f60,0x7ffa94e54f703⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1784 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:23⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2404 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2836 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4092 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4236 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4404 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4920 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5060 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4980 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4284 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6340 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6408 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:13⤵
-
C:\Users\Admin\Downloads\MBSetup.exe"C:\Users\Admin\Downloads\MBSetup.exe"3⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6172 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5324 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5352 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2380 /prefetch:83⤵
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=GQ2Bwy3e0HdyL5BDs8BCP5DojpcDqJQkNUMAqhck --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=Off3⤵
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=107.294.200 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7ff7e5de5960,0x7ff7e5de5970,0x7ff7e5de59804⤵
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2460_CSYGCCONXAEEDUDN" --sandboxed-process-id=2 --init-done-notifier=740 --sandbox-mojo-pipe-token=10189544401262613996 --mojo-platform-channel-handle=716 --engine=24⤵
- Loads dropped DLL
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2460_CSYGCCONXAEEDUDN" --sandboxed-process-id=3 --init-done-notifier=988 --sandbox-mojo-pipe-token=616803018298891592 --mojo-platform-channel-handle=9844⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5572 /prefetch:23⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4368 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5748 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5020 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6608 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6676 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6648 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6388 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,9573828868319473413,1606212842951084953,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:13⤵
-
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"2⤵
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94e54f50,0x7ffa94e54f60,0x7ffa94e54f703⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 440 -p 2312 -ip 23121⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2312 -s 25001⤵
- Program crash
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2228_1602262594\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2228_1602262594\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={01307323-8729-428a-8c5a-8b2650cdb348} --system2⤵
- Executes dropped EXE
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x414 0x3201⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k SDRSVC1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
-
C:\Windows\system32\certutil.exe"C:\Windows\system32\certutil.exe" -f -addstore root "C:\Windows\TEMP\MBInstallTemp8068b58b9a9d11ed915572e5c3fa065d\servicepkg\starfieldrootcag2_new.crt"2⤵
- Modifies data under HKEY_USERS
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected2⤵
- Drops file in Drivers directory
- Registers COM server for autorun
- Drops file in System32 directory
- Modifies registry class
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"1⤵
- Drops file in Drivers directory
- Registers COM server for autorun
- Sets service image path in registry
- Checks BIOS information in registry
- Loads dropped DLL
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
-
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"2⤵
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
-
C:\Users\Admin\AppData\LocalLow\IGDump\hhjnllhrhqxfdvfnzmrcmuexionhaqhl\ig.exeig.exe secure2⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x414 0x3201⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2228_1602262594\ChromeRecovery.exeFilesize
253KB
MD549ac3c96d270702a27b4895e4ce1f42a
SHA155b90405f1e1b72143c64113e8bc65608dd3fd76
SHA25682aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f
SHA512b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3Filesize
141KB
MD5ea1c1ffd3ea54d1fb117bfdbb3569c60
SHA110958b0f690ae8f5240e1528b1ccffff28a33272
SHA2567c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d
SHA5126c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\CachesMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\Downloads\697158bcade7373ccc9e52ea1171d780988fc845d2b696898654e18954578920.zipFilesize
3.0MB
MD540879d7587eed9df399dc5ec0e18d305
SHA1e8660a88bc70457259b13c2198bd7b0f88827cd6
SHA256d30cd1e5c765f6cb2ddfc16c8f1611ef575ef6b8fd7030930bca9433f8edbe25
SHA5124eaccb3edadc0685c2e845a199e34cfb18cbf17054b5fb4276ef0a1c4a5e46cd397ae8fddd57f5cc9a39c4ba3625a3216f7d44cf090a12949460b5bf3675635b
-
\??\pipe\crashpad_4916_WCYTWKDYEGPWAVOSMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/180-162-0x0000000000000000-mapping.dmp
-
memory/452-388-0x0000000000000000-mapping.dmp
-
memory/560-222-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-221-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-211-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-212-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-204-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-205-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-147-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-202-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-149-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-151-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-152-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-153-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-154-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-150-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-159-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-160-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-203-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-200-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-201-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-198-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-199-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-213-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-215-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-220-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-214-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-223-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-224-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-225-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-230-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-231-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-232-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-210-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/560-148-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/748-382-0x0000000000000000-mapping.dmp
-
memory/936-146-0x0000000000000000-mapping.dmp
-
memory/972-138-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/972-139-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/1196-371-0x0000000000000000-mapping.dmp
-
memory/1312-188-0x0000000000000000-mapping.dmp
-
memory/1520-197-0x0000000000000000-mapping.dmp
-
memory/1592-387-0x0000000000000000-mapping.dmp
-
memory/1660-185-0x0000000000000000-mapping.dmp
-
memory/1668-170-0x0000000000000000-mapping.dmp
-
memory/1716-187-0x0000000000000000-mapping.dmp
-
memory/1728-380-0x0000000000000000-mapping.dmp
-
memory/1772-365-0x0000000073950000-0x0000000073B6C000-memory.dmpFilesize
2.1MB
-
memory/1772-366-0x0000000000AF0000-0x0000000000DEE000-memory.dmpFilesize
3.0MB
-
memory/1772-342-0x0000000073890000-0x00000000738B2000-memory.dmpFilesize
136KB
-
memory/1772-345-0x0000000073950000-0x0000000073B6C000-memory.dmpFilesize
2.1MB
-
memory/1772-344-0x0000000073C10000-0x0000000073C92000-memory.dmpFilesize
520KB
-
memory/1772-346-0x0000000000AF0000-0x0000000000DEE000-memory.dmpFilesize
3.0MB
-
memory/1772-343-0x0000000000AF0000-0x0000000000DEE000-memory.dmpFilesize
3.0MB
-
memory/1772-333-0x0000000000000000-mapping.dmp
-
memory/1772-336-0x0000000073C10000-0x0000000073C92000-memory.dmpFilesize
520KB
-
memory/1772-341-0x00000000738C0000-0x0000000073942000-memory.dmpFilesize
520KB
-
memory/1772-338-0x0000000073950000-0x0000000073B6C000-memory.dmpFilesize
2.1MB
-
memory/1780-362-0x0000000000000000-mapping.dmp
-
memory/1852-189-0x0000000000000000-mapping.dmp
-
memory/1904-327-0x0000000000000000-mapping.dmp
-
memory/2176-171-0x0000000000000000-mapping.dmp
-
memory/2184-376-0x0000000000000000-mapping.dmp
-
memory/2260-361-0x0000000000000000-mapping.dmp
-
memory/2264-167-0x0000000000000000-mapping.dmp
-
memory/2284-372-0x0000000000000000-mapping.dmp
-
memory/2324-163-0x0000000010000000-0x0000000010010000-memory.dmpFilesize
64KB
-
memory/2328-326-0x0000000000000000-mapping.dmp
-
memory/2328-184-0x0000000000000000-mapping.dmp
-
memory/2472-381-0x0000000000000000-mapping.dmp
-
memory/2716-379-0x0000000000000000-mapping.dmp
-
memory/2744-385-0x0000000000000000-mapping.dmp
-
memory/2780-322-0x0000000000000000-mapping.dmp
-
memory/2784-186-0x0000000000000000-mapping.dmp
-
memory/2792-374-0x0000000000000000-mapping.dmp
-
memory/2824-389-0x0000000000000000-mapping.dmp
-
memory/2908-367-0x0000000000000000-mapping.dmp
-
memory/2972-168-0x0000000000000000-mapping.dmp
-
memory/3028-330-0x0000000000000000-mapping.dmp
-
memory/3140-377-0x0000000000000000-mapping.dmp
-
memory/3140-169-0x0000000000000000-mapping.dmp
-
memory/3196-190-0x0000000000000000-mapping.dmp
-
memory/3212-332-0x0000000000000000-mapping.dmp
-
memory/3252-392-0x0000000000000000-mapping.dmp
-
memory/3384-363-0x0000000000000000-mapping.dmp
-
memory/3492-391-0x0000000000000000-mapping.dmp
-
memory/3500-383-0x0000000000000000-mapping.dmp
-
memory/3520-321-0x0000000000000000-mapping.dmp
-
memory/3604-370-0x0000000000000000-mapping.dmp
-
memory/3792-181-0x00000000738C0000-0x0000000073942000-memory.dmpFilesize
520KB
-
memory/3792-182-0x0000000073890000-0x00000000738B2000-memory.dmpFilesize
136KB
-
memory/3792-177-0x0000000073890000-0x00000000738B2000-memory.dmpFilesize
136KB
-
memory/3792-175-0x00000000739D0000-0x0000000073BEC000-memory.dmpFilesize
2.1MB
-
memory/3792-174-0x0000000073C10000-0x0000000073C92000-memory.dmpFilesize
520KB
-
memory/3792-173-0x0000000000000000-mapping.dmp
-
memory/3792-193-0x00000000738C0000-0x0000000073942000-memory.dmpFilesize
520KB
-
memory/3792-176-0x00000000738C0000-0x0000000073942000-memory.dmpFilesize
520KB
-
memory/3792-179-0x0000000073C10000-0x0000000073C92000-memory.dmpFilesize
520KB
-
memory/3792-180-0x00000000739D0000-0x0000000073BEC000-memory.dmpFilesize
2.1MB
-
memory/3792-194-0x0000000000AF0000-0x0000000000DEE000-memory.dmpFilesize
3.0MB
-
memory/3792-178-0x0000000000AF0000-0x0000000000DEE000-memory.dmpFilesize
3.0MB
-
memory/3792-329-0x0000000000AF0000-0x0000000000DEE000-memory.dmpFilesize
3.0MB
-
memory/3792-328-0x00000000739D0000-0x0000000073BEC000-memory.dmpFilesize
2.1MB
-
memory/3792-192-0x00000000739D0000-0x0000000073BEC000-memory.dmpFilesize
2.1MB
-
memory/3792-191-0x0000000073C10000-0x0000000073C92000-memory.dmpFilesize
520KB
-
memory/3792-183-0x0000000000AF0000-0x0000000000DEE000-memory.dmpFilesize
3.0MB
-
memory/3796-386-0x0000000000000000-mapping.dmp
-
memory/3832-368-0x0000000000000000-mapping.dmp
-
memory/3872-373-0x0000000000000000-mapping.dmp
-
memory/3952-161-0x0000000000000000-mapping.dmp
-
memory/3972-364-0x0000000000000000-mapping.dmp
-
memory/4004-378-0x0000000000000000-mapping.dmp
-
memory/4044-406-0x0000018673B10000-0x0000018673B20000-memory.dmpFilesize
64KB
-
memory/4044-405-0x0000018673B10000-0x0000018673B20000-memory.dmpFilesize
64KB
-
memory/4064-140-0x0000000000000000-mapping.dmp
-
memory/4064-142-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/4064-141-0x00007FFA710A0000-0x00007FFA710B0000-memory.dmpFilesize
64KB
-
memory/4108-196-0x0000000000000000-mapping.dmp
-
memory/4216-325-0x0000000000000000-mapping.dmp
-
memory/4248-384-0x0000000000000000-mapping.dmp
-
memory/4360-390-0x0000000000000000-mapping.dmp
-
memory/4376-369-0x0000000000000000-mapping.dmp
-
memory/4440-324-0x0000000000000000-mapping.dmp
-
memory/4492-323-0x0000000000000000-mapping.dmp
-
memory/4548-195-0x0000000000000000-mapping.dmp
-
memory/4608-331-0x0000000000000000-mapping.dmp
-
memory/4644-400-0x000001B41F8E0000-0x000001B41F8F0000-memory.dmpFilesize
64KB
-
memory/4732-172-0x0000000000000000-mapping.dmp
-
memory/4748-375-0x0000000000000000-mapping.dmp
-
memory/4832-145-0x0000000000000000-mapping.dmp
-
memory/4884-136-0x0000000000000000-mapping.dmp