wannacry | 9974ef9a67abde0940c7c44f5a2f76304f5b1f9615f4a471804471a523f5d950

Resubmissions

26-08-2024 17:20

240826-vwd6ksxbrj 10

26-08-2024 15:48

240826-s8x34starj 10

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
26-08-2024 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c352124d7c524a2f4f48ce2ac16ebe88_JaffaCakes118.dll
Size

5.0MB
MD5

c352124d7c524a2f4f48ce2ac16ebe88
SHA1

593e5266addd75e3c12666fd335023008ee42e4e
SHA256

9974ef9a67abde0940c7c44f5a2f76304f5b1f9615f4a471804471a523f5d950
SHA512

ad124d4af25bbf34afa9c05d4604a1973577a009019d3c7fe0060e3adf5c976a1ac20b03ff122a7fdbe6b7c545f030afae396f79be407664dbca0b36960bb812
SSDEEP

49152:ynAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAZ0vZ6GIk:eDqPoBhz1aRxcSUDk36SAc0B6GIk

Score

10^/10

wannacry discovery evasion ransomware worm

Malware Config

Signatures

Modifies firewall policy service 3 TTPs 4 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	mssecsvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	mssecsvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications	mssecsvc.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\mssecsvc.exe = "C:\\WINDOWS\\mssecsvc.exe:*:enabled:@shell32.dll,-1"	mssecsvc.exe

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Contacts a large (3430) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 2 IoCs

pid	Process
3104	mssecsvc.exe
4156	mssecsvc.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe
File created	C:\WINDOWS\tasksche.exe	mssecsvc.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1456	3104	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	mssecsvc.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133691664278793947"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	mssecsvc.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3104	mssecsvc.exe
3104	mssecsvc.exe
4156	mssecsvc.exe
4156	mssecsvc.exe
4804	chrome.exe
4804	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe

Suspicious behavior: MapViewOfSection 64 IoCs

pid	Process
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe
3104	mssecsvc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs

pid	Process
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3104	mssecsvc.exe
Token: SeDebugPrivilege	4156	mssecsvc.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 3524	1384	rundll32.exe	80
PID 1384 wrote to memory of 3524	1384	rundll32.exe	80
PID 1384 wrote to memory of 3524	1384	rundll32.exe	80
PID 3524 wrote to memory of 3104	3524	rundll32.exe	81
PID 3524 wrote to memory of 3104	3524	rundll32.exe	81
PID 3524 wrote to memory of 3104	3524	rundll32.exe	81
PID 3104 wrote to memory of 620	3104	mssecsvc.exe	5
PID 3104 wrote to memory of 620	3104	mssecsvc.exe	5
PID 3104 wrote to memory of 620	3104	mssecsvc.exe	5
PID 3104 wrote to memory of 620	3104	mssecsvc.exe	5
PID 3104 wrote to memory of 620	3104	mssecsvc.exe	5
PID 3104 wrote to memory of 620	3104	mssecsvc.exe	5
PID 3104 wrote to memory of 712	3104	mssecsvc.exe	7
PID 3104 wrote to memory of 712	3104	mssecsvc.exe	7
PID 3104 wrote to memory of 712	3104	mssecsvc.exe	7
PID 3104 wrote to memory of 712	3104	mssecsvc.exe	7
PID 3104 wrote to memory of 712	3104	mssecsvc.exe	7
PID 3104 wrote to memory of 712	3104	mssecsvc.exe	7
PID 3104 wrote to memory of 816	3104	mssecsvc.exe	8
PID 3104 wrote to memory of 816	3104	mssecsvc.exe	8
PID 3104 wrote to memory of 816	3104	mssecsvc.exe	8
PID 3104 wrote to memory of 816	3104	mssecsvc.exe	8
PID 3104 wrote to memory of 816	3104	mssecsvc.exe	8
PID 3104 wrote to memory of 816	3104	mssecsvc.exe	8
PID 3104 wrote to memory of 828	3104	mssecsvc.exe	9
PID 3104 wrote to memory of 828	3104	mssecsvc.exe	9
PID 3104 wrote to memory of 828	3104	mssecsvc.exe	9
PID 3104 wrote to memory of 828	3104	mssecsvc.exe	9
PID 3104 wrote to memory of 828	3104	mssecsvc.exe	9
PID 3104 wrote to memory of 828	3104	mssecsvc.exe	9
PID 3104 wrote to memory of 836	3104	mssecsvc.exe	10
PID 3104 wrote to memory of 836	3104	mssecsvc.exe	10
PID 3104 wrote to memory of 836	3104	mssecsvc.exe	10
PID 3104 wrote to memory of 836	3104	mssecsvc.exe	10
PID 3104 wrote to memory of 836	3104	mssecsvc.exe	10
PID 3104 wrote to memory of 836	3104	mssecsvc.exe	10
PID 3104 wrote to memory of 944	3104	mssecsvc.exe	11
PID 3104 wrote to memory of 944	3104	mssecsvc.exe	11
PID 3104 wrote to memory of 944	3104	mssecsvc.exe	11
PID 3104 wrote to memory of 944	3104	mssecsvc.exe	11
PID 3104 wrote to memory of 944	3104	mssecsvc.exe	11
PID 3104 wrote to memory of 944	3104	mssecsvc.exe	11
PID 3104 wrote to memory of 992	3104	mssecsvc.exe	12
PID 3104 wrote to memory of 992	3104	mssecsvc.exe	12
PID 3104 wrote to memory of 992	3104	mssecsvc.exe	12
PID 3104 wrote to memory of 992	3104	mssecsvc.exe	12
PID 3104 wrote to memory of 992	3104	mssecsvc.exe	12
PID 3104 wrote to memory of 992	3104	mssecsvc.exe	12
PID 3104 wrote to memory of 484	3104	mssecsvc.exe	13
PID 3104 wrote to memory of 484	3104	mssecsvc.exe	13
PID 3104 wrote to memory of 484	3104	mssecsvc.exe	13
PID 3104 wrote to memory of 484	3104	mssecsvc.exe	13
PID 3104 wrote to memory of 484	3104	mssecsvc.exe	13
PID 3104 wrote to memory of 484	3104	mssecsvc.exe	13
PID 3104 wrote to memory of 440	3104	mssecsvc.exe	14
PID 3104 wrote to memory of 440	3104	mssecsvc.exe	14
PID 3104 wrote to memory of 440	3104	mssecsvc.exe	14
PID 3104 wrote to memory of 440	3104	mssecsvc.exe	14
PID 3104 wrote to memory of 440	3104	mssecsvc.exe	14
PID 3104 wrote to memory of 440	3104	mssecsvc.exe	14
PID 3104 wrote to memory of 1032	3104	mssecsvc.exe	15
PID 3104 wrote to memory of 1032	3104	mssecsvc.exe	15
PID 3104 wrote to memory of 1032	3104	mssecsvc.exe	15
PID 3104 wrote to memory of 1032	3104	mssecsvc.exe	15

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:620
- C:\Windows\system32\fontdrvhost.exe
  "fontdrvhost.exe"
  2⤵
  PID:836
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  PID:484

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p
1⤵
PID:816
- C:\Windows\system32\wbem\unsecapp.exe
  C:\Windows\system32\wbem\unsecapp.exe -Embedding
  2⤵
  PID:2868
- C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
  2⤵
  PID:3720
- C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
  2⤵
  PID:3752
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:3824
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:3884
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  2⤵
  PID:4040
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
  2⤵
  PID:4284
- C:\Windows\system32\SppExtComObj.exe
  C:\Windows\system32\SppExtComObj.exe -Embedding
  2⤵
  PID:804
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  2⤵
  PID:3340
- C:\Windows\system32\backgroundTaskHost.exe
  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
  2⤵
  PID:2820
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:4608

C:\Windows\system32\fontdrvhost.exe
"fontdrvhost.exe"
1⤵
PID:828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k RPCSS -p
1⤵
PID:944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1⤵
PID:440

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:1032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
1⤵
PID:1096

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:1104

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1216

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netprofm -p -s netprofm
1⤵
PID:1232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1432
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  PID:2900

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
PID:1568

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p
1⤵
PID:1580

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1636

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1732

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1820

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1836

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:1652

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1772

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:2044

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:2080

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:2136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
1⤵
PID:2172

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2220

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2492

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p
1⤵
PID:2524

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2544

C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
1⤵
PID:2632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
PID:2668

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:2676

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:2688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2944

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3292
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c352124d7c524a2f4f48ce2ac16ebe88_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1384
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c352124d7c524a2f4f48ce2ac16ebe88_JaffaCakes118.dll,#1
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3524
  - - C:\WINDOWS\mssecsvc.exe
      C:\WINDOWS\mssecsvc.exe
      4⤵
      Modifies firewall policy service
      Executes dropped EXE
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 1440
        5⤵
        Program crash
        
        PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4804
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa416bcc40,0x7ffa416bcc4c,0x7ffa416bcc58
    3⤵
    PID:2768
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1740 /prefetch:2
    3⤵
    PID:880
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2116 /prefetch:3
    3⤵
    PID:488
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2208 /prefetch:8
    3⤵
    PID:3272
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:3172
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:3116
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4428 /prefetch:1
    3⤵
    PID:1828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4788 /prefetch:8
    3⤵
    PID:3684
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4920 /prefetch:8
    3⤵
    PID:2400
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
    3⤵
    - Drops file in Windows directory
    PID:2936
  - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff640be4698,0x7ff640be46a4,0x7ff640be46b0
      4⤵
      Drops file in Windows directory
      PID:2216
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4804,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4708 /prefetch:1
    3⤵
    PID:676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3420,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4588 /prefetch:1
    3⤵
    PID:4812
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3356,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4776 /prefetch:1
    3⤵
    PID:4180
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3276,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4268 /prefetch:1
    3⤵
    PID:3680
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4920,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5228 /prefetch:1
    3⤵
    PID:2816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5256,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5372 /prefetch:1
    3⤵
    PID:1244
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5356,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5516 /prefetch:1
    3⤵
    PID:1476
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5644,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5660 /prefetch:1
    3⤵
    PID:4756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5788,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5816 /prefetch:1
    3⤵
    PID:2512
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5972,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5968 /prefetch:1
    3⤵
    PID:4076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6120,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6104 /prefetch:1
    3⤵
    PID:1016
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3716,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5796 /prefetch:1
    3⤵
    PID:3056
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6460,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6552 /prefetch:1
    3⤵
    PID:2984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6716,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6608 /prefetch:1
    3⤵
    PID:3992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6640,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6660 /prefetch:1
    3⤵
    PID:3224
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6796,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6800 /prefetch:1
    3⤵
    PID:3512
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5628,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5616 /prefetch:1
    3⤵
    PID:5196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7104,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7124 /prefetch:1
    3⤵
    PID:5260
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7256,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7264 /prefetch:1
    3⤵
    PID:5320
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6976,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7396 /prefetch:1
    3⤵
    PID:5528
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7520,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7672 /prefetch:1
    3⤵
    PID:5540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7512,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6776 /prefetch:1
    3⤵
    PID:5692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7892,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7660 /prefetch:1
    3⤵
    PID:5764
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7684,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7888 /prefetch:1
    3⤵
    PID:5816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8096,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7852 /prefetch:1
    3⤵
    PID:5884
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8048,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8208 /prefetch:1
    3⤵
    PID:5896
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8064,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8364 /prefetch:1
    3⤵
    PID:6040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8540,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8524 /prefetch:1
    3⤵
    PID:6108
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8652,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7868 /prefetch:1
    3⤵
    PID:5136
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8536,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8792 /prefetch:1
    3⤵
    PID:5472
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8904,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8916 /prefetch:1
    3⤵
    PID:3376
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6664,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6488 /prefetch:1
    3⤵
    PID:5776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=5520,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9212 /prefetch:1
    3⤵
    PID:5492
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6668,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6648 /prefetch:1
    3⤵
    PID:5448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6760,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9252 /prefetch:1
    3⤵
    PID:5124
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=1120,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8924 /prefetch:1
    3⤵
    PID:5728
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=5560,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5572 /prefetch:1
    3⤵
    PID:4608
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7392,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5504 /prefetch:1
    3⤵
    PID:5464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=7276,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8672 /prefetch:1
    3⤵
    PID:5168
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8136,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7372 /prefetch:1
    3⤵
    PID:4652
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7180,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7192 /prefetch:1
    3⤵
    PID:5636
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8872,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8848 /prefetch:1
    3⤵
    PID:4864
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=7740,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7708 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:2844
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7752,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8836 /prefetch:1
    3⤵
    PID:5720
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8588,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9088 /prefetch:1
    3⤵
    PID:4832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7884,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8352 /prefetch:1
    3⤵
    PID:5568
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7412,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8092 /prefetch:1
    3⤵
    PID:796
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=7072,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7244 /prefetch:1
    3⤵
    PID:6180
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9508,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9112 /prefetch:1
    3⤵
    PID:6252
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=8768,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9636 /prefetch:1
    3⤵
    PID:6264
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=9780,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9632 /prefetch:1
    3⤵
    PID:6380
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=9768,i,10340351727749444310,8737316044203272746,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7480 /prefetch:1
    3⤵
    PID:6440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
1⤵
PID:3444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UdkSvcGroup -s UdkUserSvc
1⤵
PID:4004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k osprivacy -p -s camsvc
1⤵
PID:4440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
1⤵
PID:436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:3912

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
PID:3696

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:4032

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:2404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
1⤵
PID:3208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3548

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe -m security
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3104 -ip 3104
1⤵
PID:424

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1895a6f503b5f7c0521e77c7ed68bdb0

SHA1
cc948cbb8cba4ba07996f690e335c93ddcf76275

SHA256
4a6b58411b5930d14df8ed448bf7588010aab1b9bfc8fef705e2762207e93bce

SHA512
a1cc3c6cd9f17e3176685687893fbdaa8b1f25731f4459cb1b632e334098b1b27eaab96c51fd95e841b37b854c7eeedfdba7f3114687dad79b1a22577ca011b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0afe5ad869e762c26d32a1027b224882

SHA1
5229ed3b0448d3f21c1b1ed97db5aec4aadea8ca

SHA256
3041ae03d3c8c25a70ec821187f41708b1b853115b9fc4a22d0846c4b5c73ad3

SHA512
bb33b93ea053ad908cff9250de1230b9abe3868cfb1d7998813641f25e7f237d33aacbfb58712724e7032073d62582e0f7f5a11452481075f5a0c350467cc51a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c42906e228b87b2c14c00bf797c669a0

SHA1
992f115a247c6264ead2cb15496e633c4bdbdfa7

SHA256
fd0d2267955287c3df61c217b549e9cfe24c95a7827bf128c6379b1a0dab403f

SHA512
a7adbbcb7179cb78ca141b682fd4950f4d2b3f27c7e84928db57a9ab992c4227d9cd78a8d296d8e93279bdb64809ae8f4704101c976d1804432fc89102d74f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\270b5c46-764f-40db-ab7b-f0b1d782355e.tmp

Filesize
2KB

MD5
6ad2205e3867111c60c25461b7a7a131

SHA1
6f60adbab693efa959dd7fcc3231f3afe2c8eddf

SHA256
7ce9b1dcaa5d84b0cc0a49352ebb8cec82baee01ec2626c3d6378c1c7113c7e4

SHA512
4d14f6d44d69a84385fce77b28b3fa63a9f96c7f06b09793b0e55c6f19f1395f558d3ffbe1496881f7d0c288ef525c986afc0de521874c3808828a0544110351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
021fc5d7bdf3e5b41b54a90ab0cf7ffb

SHA1
c1ec86fec04c4a1859e59443a3ad2133b3994269

SHA256
89041b9ef50c110f9e460d63a6e90e2ed615d072ffcb6d6c155b89fd111571c8

SHA512
6657bc7dd5ea33f5dbb048dcf3af65a877def38814175baf45eeba96b3eabe5666955e58d22c04b776861749ae22b790232fc290f9b5ac74b699662039d2d9f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
474ba2c1f2739ebe4ad2fd14ce1dd303

SHA1
6588a3b87542d9379619ab5916c29f04bea151f5

SHA256
b914089c90d29e6280ae5d9d31f1ab32490518f4716ebdf95f4612add5f129e2

SHA512
7e26da2f2b0c091c07783a02f43126e97a77a4b4665e44da1d27bf0200fd6f21d791e2c172f96c796728e13b350b6ff85634637b3ce9aeb953f0b292168b3360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e5b705af1117c712a0c922c7d9ffda65

SHA1
32a99360b88bbc11252c3d6e789cee29ba9a76f6

SHA256
17870736b4e9f85f019df9a363a3f6f3a607cd9b9349e5429bb836f9d44f6079

SHA512
07b4c87798d66755ea44c8e6888328b7726f60cc464d7f6188f39d056a7bfb768a72acd00eb517ee816b43ca921b7c8e5eb27c5704ae137eb26411488b8a335d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
98d40907f9aa3b31040ce6b7948653bf

SHA1
d456b6ac3f2d5b45ee5851e9e7a381bd5df6e3cf

SHA256
0ecf7c324cf9921b47a921c8ee053187b7861c7541ea0cda631d798fcd73be6a

SHA512
ab06dc4022c9b7d095416732a0bbed83d71e32a74c798773e2ce46488e8bcc547ac14146fe21888264f2d6c81eaa7bcea9751a4800c5eacae402d4355075c9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fe311ce768f90eb9e5ae80aa0479bb43

SHA1
3eed691a6a725cba6453a2f561963248048158bd

SHA256
09a58198f79c00e146040f0235e976d38ca608b9eb8fcf7f1460443762e3f505

SHA512
3dd146d4bacc5099ecda4676a1664f5de27f3b44c06a1945e763b33687c2320186cf9ca89d273fe7fe3f265ce31f330f5d55af59655412c9b893434af2dd8181

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16bb96e2d861908832ce67de804ec251

SHA1
8233ee4377e9e365add11d69f3d262fdc166e8d7

SHA256
f03d7df7d28a066efff699909aed38ce14fa99f255c7fd9a4eabc185fa020876

SHA512
9391d1a938e065bb20cf648fa3112a19f45cc097bc1f24269a52d10e6745762596309f77f07bff1a4550bbb433bbfd426aa6909470db7073f442137429566406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78c5f3a2f743a37b7b47a4fa4cecf7bf

SHA1
472127e39121f81f367c9c5147e00021df210f07

SHA256
46f3c43a881c7f62b8d8fcbcb466f92f30c17afb99daf6e0ea12994d4d7838b1

SHA512
9f79b2aa51b4793380d05e0dd27edceaa33f8e6da838b644ae19872f624234f7a09f0f0ffad6d1bfa76793ca16492174f858db6c28f61d158e822bec6efd9872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac21ffebe3b5cbafc2eee0c9066478ae

SHA1
0e12e7ffa24d101fce1746711cea088c7d33336a

SHA256
e9fbf284ce8bba6175504b56f6d0dddcbb72a30ed213fc4f449b9f0f305daa38

SHA512
7fe095a96c370757ff8b28fdf7648d097f1f3e2cb4209417a7288ac443ff74138b42229ce55fe19dfe1bb452bdb4608d3bb1ecd47af586a4b16ca78edd9968bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
867871da919dfb58dbe8cff54c08f3f2

SHA1
0bde0093103aa552a79dbd49e270db7c2c9608ce

SHA256
e4e6574dc1cba55fda14b11627c15250b8b5ea3abce37e65828cdd0f948122fa

SHA512
425bb18ed0dec84eb4409df74a9299942740a742a96ab40f2ac15cefc3e4d6a7bfe4e62df0fbfad549f1abcc2a5500187b845dd8e906fe154885fe0b3c478875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d3e37f11b5d6c927d2e8c0e762f0732

SHA1
3e6ac6ba156a9f6158b9a56e25caf96b9d3ec382

SHA256
7e2dde5ed560bda75e23b30dca56338078b6863c1d1bcedbb5c1a5630070aec7

SHA512
e9f25ad1db9cf67ec9bee6e226d5834785c9990afeaeef639732c58c7073530f91edbb2f9f17a3dd5efcfce90c72d8c25b28ad118cbb334d024599c7fdcaf649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e71ab266ab3ad3e1aadb24304101a32b

SHA1
190332e831fea7736d042f3c00a7b9e80298a4ae

SHA256
2798ad0cfca291544a359730783a955f04dc3c12c74206fd335a0bd27ce11b22

SHA512
dc12ca862bc7754850e0ae24915e4c18bca51ebdee9ec5a67cf8bfc70c775e09a725f6b80c41eef266bb41f05c501ec55ac1b5b1d17a2f5d0438fba7a4106936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b105b67fed09a42e07cffa4497845396

SHA1
6dea99288dfc3e9a6b39e8a559ba1d9727c8776a

SHA256
4c4093aad2e3e71be69e8c96f5914f87c085af9801dff79820d9f022cf66a09c

SHA512
f10a591b9f5e9b0242b07b9df06c0c682f3eef7ce978f9c76b1dab818540d347ea6e221a1ea53c6e051a9a2eec58594464e2c549995b797f9dcedc0151dc6476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
944756de93950ff8f099ad32e9111b89

SHA1
d58644ac2f9166112170a54f12d109a9ebd8d8aa

SHA256
0747ed20051f16b37c858a05f7a7df77cbe72c8814672f9c6e50de79d8a18142

SHA512
cacaf752833da279821c36970f8d29db30f3b8f03c96811d1f0e21ac83b83198e4eee3ca6a9be89eedd10ce12a47765edcbf211a6cc4e3be34d8e74c0d9c50a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2e4998c24d797e325ed8bf8dfb6b74e

SHA1
128bb738d53ff575e9654f6013305980e9fe7f23

SHA256
539a5a77013d1e53e7618419c291904dcd53768e039317088938f72d27d1ed49

SHA512
095b0f9c92b8a1aab4f47ad42416b60dee96fdf3af755ead236c2ed6292d2fe3998968b08a7a5d6894dfca1378159a35c3631e64c5d61e2ea6daad6c2be1c239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
667e043bff54ece78f9c805209c8f0e1

SHA1
d1354c8f9638d5ad94fbfa025513776120ffcb81

SHA256
491c2c15cd8c9fc4d53a90fe0696eada0893eb9421c155e0074f00f27915c42e

SHA512
ac0dcd1f7e6d1286ed3d6813a2743f979fea9e945b218a9c6d9fa295eeff53df7a9ff7315a69f82a70a1f6c805b9dce360518cb1f7fd942fbb2b600a194abfb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
3e204ce08eeae6b0d4b23a74a148aef9

SHA1
7df8a4b53a4450eb65a238d71775fb30b1fc1276

SHA256
ff45c7e9785072710bf53815210594176aeffa22a783bb2522ac5ae6bd469b09

SHA512
fc4265d15f16336ec54642d3f33dcd994224686b31bad0991be28245cd5591ea62ded64df2fb782088f20947cccbc06827151db05fda436848c895a37ddc51d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
b7f310eabaa7718677a244d32cc9cc45

SHA1
ade36a445a25f389d57ae491bfa4a6c6c5fd90c9

SHA256
85057c9252d956e43a686b3f852f333cfa34b8f51739da8f52216041c59677cf

SHA512
d67a1126a394a0ae1c0bbcf57a67ea4399a63fa3eb8549151dc2438ece31c2e8bc8c81b22cd7dc58dd0b604bc1718ec18551c4931ed0b78a30c1afb273801da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
23a1ab1202bc1a952f18888ce13bc5ca

SHA1
68c77e60b3ae9f86b8bd07b15659cb38b240d19a

SHA256
1e946a983e280d93452e9835d515b9f8a78eeb773f203a1f080e1157c6a01ff7

SHA512
0190b0900820352894d89fbd9d73d15a1c569b592fc1a212acb3f4af93f6a79f35fd119eb7fcc2e4fe034b40006ec5ca0200bc0e28f5cb39906ed080399e6049

Download Submit
C:\Windows\mssecsvc.exe

Filesize
3.6MB

MD5
14d3bde1edb2dc541d96b3c17df18d09

SHA1
dc0516ec0f6ef74e2e05a364a49337a7bde60f9e

SHA256
acead39967484b84811ba80b3811b2493c8cf8d9257c7ae11037bd1cba55789a

SHA512
880435d8cf8be250679678f402d636939588ef6c1cc27dad946d3e521e1cb363ef5f005690868c7577ea9c9724419f36a19e30474d7249a23eae783113dad3bd

Download Submit
memory/3104-14-0x000000007FE20000-0x000000007FE4A000-memory.dmp

Filesize
168KB

Download
memory/3104-33-0x0000000000400000-0x0000000000A72000-memory.dmp

Filesize
6.4MB

Download
memory/3104-6-0x00000000773B4000-0x00000000773B5000-memory.dmp

Filesize
4KB

Download
memory/3104-21-0x000000007FE20000-0x000000007FE4A000-memory.dmp

Filesize
168KB

Download
memory/3104-9-0x000000007FE50000-0x000000007FE7A000-memory.dmp

Filesize
168KB

Download
memory/3104-19-0x000000007FE50000-0x000000007FE7A000-memory.dmp

Filesize
168KB

Download
memory/3104-15-0x000000007FE20000-0x000000007FE4A000-memory.dmp

Filesize
168KB

Download
memory/3104-13-0x000000007FE20000-0x000000007FE4A000-memory.dmp

Filesize
168KB

Download
memory/3104-10-0x000000007FE50000-0x000000007FE7A000-memory.dmp

Filesize
168KB

Download
memory/3104-7-0x00000000773B5000-0x00000000773B6000-memory.dmp

Filesize
4KB

Download
memory/3104-8-0x000000007FE50000-0x000000007FE7A000-memory.dmp

Filesize
168KB

Download
memory/3104-4-0x0000000000400000-0x0000000000A72000-memory.dmp

Filesize
6.4MB

Download
memory/3104-5-0x000000007FE50000-0x000000007FE7A000-memory.dmp

Filesize
168KB

Download
memory/3104-18-0x000000007FE50000-0x000000007FE7A000-memory.dmp

Filesize
168KB

Download
memory/4156-59-0x0000000000400000-0x0000000000A72000-memory.dmp

Filesize
6.4MB

Download