hxxps://wicovers[.]neocities[.]org

Resubmissions

01/04/2023, 08:31

230401-keytjsgh86 4

01/04/2023, 08:27

230401-kcxtgagh78 1

Analysis

max time kernel
1799s
max time network
1689s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
01/04/2023, 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wicovers.neocities.org

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248187209154492"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	control.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3396	WINWORD.EXE
3396	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1268	chrome.exe
1268	chrome.exe
2952	chrome.exe
2952	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
636	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: 33	2624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2624	AUDIODG.EXE
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	4956	control.exe
Token: SeCreatePagefilePrivilege	4956	control.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3396	WINWORD.EXE
3396	WINWORD.EXE
3396	WINWORD.EXE
3396	WINWORD.EXE
3396	WINWORD.EXE
3396	WINWORD.EXE
3396	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 1352	1268	chrome.exe	66
PID 1268 wrote to memory of 1352	1268	chrome.exe	66
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2492	1268	chrome.exe	69
PID 1268 wrote to memory of 2008	1268	chrome.exe	68
PID 1268 wrote to memory of 2008	1268	chrome.exe	68
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70
PID 1268 wrote to memory of 1164	1268	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://wicovers.neocities.org
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaa82e9758,0x7ffaa82e9768,0x7ffaa82e9778
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:2
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1644 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5044 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5176 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4952 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2568 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5328 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5988 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5848 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6128 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6372 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6492 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6272 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6652 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6992 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7120 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2456 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7672 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7292 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2472 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1744,i,2430761413287181226,13936775978304603390,131072 /prefetch:8
  2⤵
  PID:4764

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2624

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" SYSTEM
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4956

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4880

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3396

C:\Windows\system32\systempropertiesremote.exe
"C:\Windows\system32\systempropertiesremote.exe"
1⤵
PID:1040

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:3768

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:2040

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:2540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:584

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
PID:308

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:1780

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
50KB

MD5
40333c9d07daab8ba8a53f73ee3f974e

SHA1
36c2b17a7c48fc28036534f445b79fca9658f0a4

SHA256
998313664fbeab2403238a77e6c50a4541d20805b30533f67de1a12c624fee54

SHA512
4a893bf97a02f88a3ea7830b5f72eb56295566a2c6ceafa33fd80f74f81edadbb4172f71c0e12e4a06b1e927f9d7b0cc62c5ba070cd50f3f25c8b670a1270de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
107KB

MD5
f7d0caf37d196733802d70ffde7306b0

SHA1
29c3b2044acbe4ecd75557563fa647ca5ca953db

SHA256
108dfb988d1c7838a44fafca3abc98945e7fc45a8c471d382b4450093b0d6045

SHA512
84dd29afcf0d540af969de55639b4329f57eac29ce6a541fae5dcc1090f4fc6403e574fc1182dbfc3063c4b6bc3147c26ec623026e56b970d301009fcbc738cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
35KB

MD5
fbf149f3cc52c0e994c22360da1fdc3c

SHA1
71c4a5d6a47d01dcb40c659951b5ce38faf1fef0

SHA256
53e46cc83cf44a5dce1b018be9011952eb7714f2949757cfa2e3efde44112dd0

SHA512
9046410e4bc370c68e98c5c00875469bf667cec7bfb14046df5a8547be292153d3621da4f1bc4ed583b044f739a3e56dd9f0fc70bd79196568aca2949501d1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
25KB

MD5
2052ef28809adc1ae31783e49e4e30a3

SHA1
79c8139ea0b73d535936302461a6f4ed77075ac5

SHA256
960d695d163189e98eaccaf8c4ddda885f611d531a1a45c820917c81e707a204

SHA512
dceac4333404a7ebb0ba344fa2ce874247e576fd5eed5b6fd4d0230dedba34b0f959fcdadba34c004e0912d032cad28d31d125ce789dbc82e8508cac31c72162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
48KB

MD5
1e7768364a8db1e88535d1ca1ee9cd6b

SHA1
90d26fec8305c95cc5f6fa4b2398456d88627570

SHA256
eb24872de47889683879df871844b6468d59bb8126f106189b44bbe305853a0a

SHA512
a47fa27c6b7fe18bb7e82ce09f30d3cebc32a8cd63da4ca822ceeb1ac90569bf64e66632367673c1da9e3983c330f26a6edd7696e5e6e1814cfedef017d0fa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
2fa7928783cd176db6ce265bc67b8760

SHA1
ddf0f5315a658b4d2ab0626e0f75f2c77ffa498d

SHA256
5e2ac0b7eb76d43591fd9b28e014b195c82507dc435c1b42e7780e08368955e6

SHA512
373d9504cca710ffd7669469de12639ca2f1b8dd8016eb7f6f8182903cca8dbb0de6a050be9d9ae9a25615d260870cb572fec51d021e996030dd559cc91d0592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
40eaff53e4e1970d465e2455341b162e

SHA1
cc0c1db322606af4c2f482f5de6a736ed6e49c6c

SHA256
f31540fb1a105012cb82e9a6459ad99c992b61e17725263000a7ca790d96d8c5

SHA512
bfca2cc007c697d70dfb61102d0921f4884a10b02319218bb9d08c5113268464766cbc17f063260b785cc885f8b3453201c3457ae8fb7d58dad26902435051a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube-nocookie.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
e0b0ea87958a79a651b5d8b72d8feb5c

SHA1
26e5d0117d679153df0d00bef29a120d92ff1ef4

SHA256
08d55c282cfc25080e49e021fedabc33b31033ff3fa726725a6bf4d48e4dba80

SHA512
1709ea5ab060183417d98d1ccc3af506480aa465f8de5e9aa7529bb67cbef9ff57410a8afc6a0a9f4bdd76f6d753994d47d7ed5c810efa741a73fb666fb3b3b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
1f0b263a8bfe4ff4413f5ec60d53faf6

SHA1
e338a73b47dab377379a0be23de9329f3126f41c

SHA256
65d9254db4f34140ad7e9963dde556f2cbe8ddce453bf4ec5d11fd0cffb80d2a

SHA512
d3db0bfc3fc0cdc1a3c8e1b995987038bee123736a0e6dc4dbb46fa5817c094131b4629fbcb2f4e2ae06503c646f51fbea2f45c7397105e47712fed0908bebe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
32c9b714009f21ea2450f1a125bd6d48

SHA1
28ad3244220c3577ac13650c4568169269ef9948

SHA256
d358a315dbd534f0768a4e81f6e351c02aec4e99232ad1a3aa3a0dbb609fb9a6

SHA512
20b6a156a0a8eba3bbc37b5db9be6aa2b07cbc2a8b721b5b6e877527e448f68edacbbd39dd0f7f9b3a7c3a7601d32f95848babbd85a39f6b4d691c80cd481ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
0264a58fb61261c2ceaf5c12f1544ee6

SHA1
c3a874f8e38a7a44b22e282c7e5943eca059c76a

SHA256
869aa31881b11a784f551f8cb7a284e658c6b496383210bdd8604a06f5aca2d5

SHA512
3fdae2fc08bab41ef98285446d71db24165a94c9f2dcdbc5512212818d52e8048c3158597cae10655444df7617cf2f58e804e4fc448a322ac0cd7ad84f41d8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0c26f80053362421da9a40ef0f907aad

SHA1
20952441ae4786ed14ac94ef93215e4a138e623c

SHA256
bb082d4265064e98a9ac6fece7fe97675c274194aa65ac40c942e680bcf296ea

SHA512
a21cb6787dd55eb5ee03b91602781f0845637bfec31cc2a1adf03268d5947df16baebf472ff8728906edef2305fa3ac339b95c51e7db96c000ea2171634d28b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
74df8b0b96d192b375c2adc041f8616a

SHA1
528a2748fa0840737b4c6e3ea3dcf0399094e5eb

SHA256
773e08e8944407180798dfdd90d35f3ac254842b690a15231b47d5b0a082cc1a

SHA512
e553227f7a374836608ed95dfb29b27df9a69ae9cce106e3a30d698c1b3a93061a38b674e513ec5f6a06f4f34791a8403d9beff60fa957cf1686ad6cccbcec09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
94910b971c74a77172d112a51080bc2f

SHA1
4c2b1bee8d065ffe769d97a9b6c567c61a6b90e9

SHA256
65f8bc6afe170b51b8d3d230c9591b2a9b5f883d0af659bb44d261983a0507e3

SHA512
1e1bef0b9cdb0e99c4eda7b2b368836495f1466b3597f2b975baf94c4976de9c0f95c1bfbec41086e41bf377ffef31bff8cf8dcc64ffd92d0baef9c372c1d534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
58cffd588943b81f73765c028aa5131a

SHA1
911ed1bedd742765716477aced681cb121ecf748

SHA256
fbdbfe6c14336d9d8705ddaf65e017ba6d4ba33d15c7e2c1cb2d9221fd565995

SHA512
f78a4166cfe6c408c767e4c7e2518157f253287cd08efeccfc2d0c5e766b4ede2ed523f758fd21950ab238f6b7ca186527a8e05c44ba4c08867810dfe9d50bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2b1f7413f116793c3da178e77213deed

SHA1
32db845063141446648e64f1659e868575469d00

SHA256
df3b337ab2513bea9fea668e92c56655d647d88a833c5c094aa24bbbf69670d9

SHA512
c8716d4860aa36253b2696ca6a32014100058a97e14d02f62fd43768396efb69aad7810608d8db02893934b524cfc11266125690a078c58cf7b9b36fa8ff2a21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
74B

MD5
73a465dadf426a1816e6124332dbbe2a

SHA1
9016ee293d948b12d364e9eeccf7eec06a1aa032

SHA256
60ebfbe19e0b00485e81b7fa15d8988ac37bc2cdfd734311d3ee4b24f562a8bd

SHA512
e55d2a34a093562bf8cf9d051dcb7b1bdf459a86cdfde578ece91f76ec18f7fd1007db5c93dcd9864fb97dd7d5d7581ec6bbfb0d0e867e04290bf434935725f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
138B

MD5
35948bd0ec5191ba21209f15928a1ff6

SHA1
4d98a45e581b715f572d56ec961489d5a4873f8e

SHA256
11ba9bb35523fdc9dd709a593eebacc7f74df6c5a09a6e0e048ca74a3b64ba2a

SHA512
706ab6f5fa81f3d22c903cc6ba5004ac494daef7a1086626e80c61f418368c66e8450d52b6cfbadeea6eb27e28470455cc7f63196b443bd96a2cb09b8142a857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe56af01.TMP

Filesize
138B

MD5
794b789020e54b537e0b1db57d1eb856

SHA1
4c2b6e2044f1642022cbf3d4817deb99fecd77de

SHA256
27c8487982030c2f2ccad9e7c506de3eae9b7d914c4e483cab522f7f847466d4

SHA512
9a2fef136f5eadaf3e51df65d9eeb7a580290e1ed614281fa74c228ab89f01da4fe8c6ec5edd007f47894bf9766baff4c420ebf235f5244372ff559c8a142a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
dce4e264633e5e9b9d78bda1fd4515df

SHA1
3b78e20cb76caf9a89ee95ad41c735afbb37e16b

SHA256
00b712e41635ba4b8d536d2488dba9c34ff2513b2de02099c4fed1056ac01506

SHA512
4b479b9694478e388b51ceae4161aa28c0c79016ba7befe46aff20d64fbd4797b8bd2395862a44f241c6d312ed3c4b76b8af210ad1785d1684f7d50fffe02c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
63e9763d7170f99ff83bb045197d828b

SHA1
753680d58d761f5c85884601ca5a9fec4cb9b3c8

SHA256
c74ba2bdee88f24cc0699bc977ee3825067e5a10e719b075a625136708becc6c

SHA512
0659989672414fd24c039d669fba793e40776e827b3fbd2a0a386a788e4eebe1c6b3c0d560225b9d1f55323658bb3cf1fed719eb42f9211d1b6e2d1dfdfe9293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
b2f22a5945c3031cf3ba1361047ac6c6

SHA1
55620f0523412c29af0054113eacd0f7a914d51e

SHA256
83905bf664d5a23cc50bf0f17907ab1dca1fdfc681bf5670351e22032eec6db5

SHA512
46ac9e211f0f3a01d07cad1c0f237cba27cd4cb42f4b8a9f4406cdf336e5e8d175f16b5e8581d2da3ae1b23284e5b94021bb8018ba16aa96306e307368c31a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
e53b843633537e22b4a2bfdd8a054505

SHA1
c4fb3c1cfd6642ad4981423077ff7d0c0a95dbb7

SHA256
a76af1a827657779f60ace21570e623f34b69bc1843c9c2eaf5bebd3bc0f7d60

SHA512
ea9b758c26a67ba41a629c133958946e11cb121da0791ed5a066eb3632e5f93783f2c546183043c4dc379969921844e12769e954b5901940070b1a1081c2c3cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe575072.TMP

Filesize
100KB

MD5
c334b2db3de9247fc1f5f4293057c530

SHA1
ac34380a3d50b782ddddfd677998c78c23d6ca48

SHA256
78e9ab3d71462153f17aec82d9114d6acbcf03521afabe520b38923494049285

SHA512
2b9cd5daac3107b26d607b45124c916437fed0e4dff6626193736be667743a8037f57cc9854b0073785d1f6233c6c17e7fd6e0b097fe7d90566d4e9820bdee5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\3082\StructuredQuerySchema.bin

Filesize
427KB

MD5
d0e8fbe5ccc2e17aad609af7488bc180

SHA1
4d9a98b9e576186a6d9501f710d1b09a65915cee

SHA256
838f009f2a3c0dafcc145de51be842d6b0b98915cfa67025050e45acbe053c16

SHA512
4b12e8dd0d98a82b9643001bbecc8961f927dc047ac3d6e0e1e63807b933a4f69b6f3d34cd8aa60ec5e0241d10ee137566006c2edf45bd286b90fdc484b9755e

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit
C:\Windows\INF\netsstpa.PNF

Filesize
6KB

MD5
01e21456e8000bab92907eec3b3aeea9

SHA1
39b34fe438352f7b095e24c89968fca48b8ce11c

SHA256
35ad0403fdef3fce3ef5cd311c72fef2a95a317297a53c02735cda4bd6e0c74f

SHA512
9d5153450e8fe3f51f20472bae4a2ab2fed43fad61a89b04a70325559f6ffed935dd72212671cc6cfc0288458d359bc71567f0d9af8e5770d696adc5bdadd7ec

Download Submit
memory/3396-557-0x00007FFA6D460000-0x00007FFA6D470000-memory.dmp

Filesize
64KB

Download
memory/3396-559-0x00007FFA6D460000-0x00007FFA6D470000-memory.dmp

Filesize
64KB

Download
memory/3396-552-0x00007FFA70F70000-0x00007FFA70F80000-memory.dmp

Filesize
64KB

Download
memory/3396-554-0x00007FFA70F70000-0x00007FFA70F80000-memory.dmp

Filesize
64KB

Download
memory/3396-812-0x00007FFA70F70000-0x00007FFA70F80000-memory.dmp

Filesize
64KB

Download
memory/3396-813-0x00007FFA70F70000-0x00007FFA70F80000-memory.dmp

Filesize
64KB

Download
memory/3396-814-0x00007FFA70F70000-0x00007FFA70F80000-memory.dmp

Filesize
64KB

Download
memory/3396-815-0x00007FFA70F70000-0x00007FFA70F80000-memory.dmp

Filesize
64KB

Download
memory/3396-551-0x00007FFA70F70000-0x00007FFA70F80000-memory.dmp

Filesize
64KB

Download
memory/3396-553-0x00007FFA70F70000-0x00007FFA70F80000-memory.dmp

Filesize
64KB

Download