wannacry | 3214a6bc1516237a1dd43a7362e4c5d8a48528aeadd8151eae8e9030fd98f273

Resubmissions

07/03/2025, 14:40

250307-r1yt1asl18 10

01/09/2024, 15:27

28/08/2024, 14:14

28/08/2024, 13:53

28/08/2024, 13:48

Analysis

max time kernel
810s
max time network
812s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
28/08/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6f93103b29652dbe18510ea58016058_JaffaCakes118.dll
Size

5.0MB
MD5

c6f93103b29652dbe18510ea58016058
SHA1

99f707cdd51c938b85b43413d982325919f18cd1
SHA256

3214a6bc1516237a1dd43a7362e4c5d8a48528aeadd8151eae8e9030fd98f273
SHA512

4a243ef4bf2ae2b01030c00f576c4c83a378f280e03f356c7298d5eaa41720722616da5dd7e4466b572158e658a01b92e09ff245b9c218949945e061bb40980d
SSDEEP

49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM:+DqPoBhz1aRxcSUDk36SAEdhvxW

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Contacts a large (17054) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 3 IoCs

pid	Process
3892	mssecsvc.exe
4312	mssecsvc.exe
2512	tasksche.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe
File created	C:\WINDOWS\tasksche.exe	mssecsvc.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	mssecsvc.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693268414003154"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	mssecsvc.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe
Token: SeShutdownPrivilege	840	chrome.exe
Token: SeCreatePagefilePrivilege	840	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 1320	4876	rundll32.exe	78
PID 4876 wrote to memory of 1320	4876	rundll32.exe	78
PID 4876 wrote to memory of 1320	4876	rundll32.exe	78
PID 1320 wrote to memory of 3892	1320	rundll32.exe	79
PID 1320 wrote to memory of 3892	1320	rundll32.exe	79
PID 1320 wrote to memory of 3892	1320	rundll32.exe	79
PID 840 wrote to memory of 2932	840	chrome.exe	85
PID 840 wrote to memory of 2932	840	chrome.exe	85
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4760	840	chrome.exe	86
PID 840 wrote to memory of 4844	840	chrome.exe	87
PID 840 wrote to memory of 4844	840	chrome.exe	87
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88
PID 840 wrote to memory of 2208	840	chrome.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6f93103b29652dbe18510ea58016058_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6f93103b29652dbe18510ea58016058_JaffaCakes118.dll,#1
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1320
- - C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:3892
  - - C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      4⤵
      Executes dropped EXE
      PID:2512

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe -m security
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5b73cc40,0x7ffd5b73cc4c,0x7ffd5b73cc58
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1408,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3548,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4708,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5108,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3336 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3716,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3368,i,12690742878978580631,3275530222521248011,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4936

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\43eab1c4-da4d-4d91-86e8-e2a0e83e5345.tmp

Filesize
10KB

MD5
adf9d52738d4a33b087605e6ecb2f89d

SHA1
40e9797fccbc8bcd7607164b8ee634eced21103b

SHA256
b32b436d05867e2475be958b7a4b2a540ce2787a71d92c7c6e81fabedb5bd926

SHA512
3429238eae9d6a7d9e4ddffe7ba8732375cb057537deb438470fdd86501308d86f7e1f12d1b55a5b80616f809c39d281c15025e1a3ab00c74ec3ad9b5cbfd2e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ade0361171cc9e00957c2505ffa9bf63

SHA1
7260e029d0de71f41a7c649ad3dbbd80c8354733

SHA256
79dd9e792ef7136ef9cc2e167320c324063ea4fdef6a604a8fc720769a6e864a

SHA512
c3678b6891f9c8c95ac78967a515599a2519f1b8a6177fa367d4d7100011633f48a9c11b1e2407817b733bee13f0be913ef1f49da31a1e8ba900f80138e99f33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
16KB

MD5
0014c012af470ecf3cd829da513ecc3e

SHA1
8aff3a7e7453002359845b859e9bd66d67602c67

SHA256
7aabddfe9c32c90b998a3fef5583851a5e83dc926b74b197878d12966f46a77e

SHA512
1faccbd449ac77127b02612f0d9f77562f8bd92e9884926e5b7daaa37a30e430f5e5717e0e1088c292ae1ffcde83b14d80e2fbb26f06470ecf3f4986283a4ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
46818dd386f067f4ad05eb3d9a75ad17

SHA1
722f4dd4f8b62eca64e01254e67ff33921ff3984

SHA256
3b737225519489bb25bd72be2b5f20785d1d0c29dc393830ea1a130232b7e0a9

SHA512
f32ca2fcdb4a02c5adeafdecc8fd7b3dddc33059979ddf755dee1eb91910002f0e336603ddd8a4d854a94f9300792f5ebaa2724e00c9034c1ce710187eb2074c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ca0807429626053cd96beee1ea143b98

SHA1
d4856c144096a53b9fd129267bf34e1466ecbd44

SHA256
811cdef81e3b933b4de60f2659e3561705e3341573d6b1cadfac8b9fda9b1b19

SHA512
6bc5d1999a27dc8bb6144e3e83e9ceff7b4be3c95f42b2f45b71f47f967796edb97f38428af5a3025ccb6a422a8ab75e91e185d43f5a8ccb0e17b7d6954ea3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f8b5c6ca94bc9f36f9ae97e66f8c1bb6

SHA1
7bdacc5b1e434011eae986ba45d39be13975978c

SHA256
85ce9a78b18df5db33da168f85eca0ae5f8cb3893536c2a5dfabcad72a4a0927

SHA512
49d09dddb182209f515e27c058599f08a8e7e82057d243098f72c0e684ec361102089669f6e2dd0b232c7429133d97300723b462294dae93a41b666b86bbb9a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
46607eb109794485c00c54e78db68481

SHA1
d621531393860571ddd8116389a3f875a64b8c86

SHA256
4a563eebc64a39e093a9ed3e3b95536b1ea465309b840ded2073b34c67c64239

SHA512
1a5ef1974ed5428f3cf3a63de18bc1d0128691a9b3567de695752f39631d77337f3b96570d1b551b31e3f7ad247f6022d378f5caefab496b2fa2712f541e2aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
59266be77db72c600fccb4418bf5be5f

SHA1
d1a3de94a3b9baf83a1f1c2ccd7782cda34b4f86

SHA256
cdaf9b04b948a08008d5c93d51df3846b727151432b021b592aa62f83169daec

SHA512
11074451527a3a2127b1a52f140b40253cacc4719f87d14d7928015281a961151b0b5332fab389d19b6a1e9d3534cb3bc9b5cef338ba5fd0f28895c317540dca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7e0e553423307ff8928888606d904a5d

SHA1
3033b472b713853028e28e6b2bbd164865efe782

SHA256
4ddf0a926b8431056fa519d53f1598f03e826773a4f7f27cf4f13a8814b3bd9f

SHA512
a737f39a668692a5158a04bb488d0c2ffa75509c66be3276b0763628e12ba53f2255b4e5c9bdeb2209b8d88376a8a67b6bcac51ccb57ad0989a2a78eda4a7aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4f4a006ba550745b5de307b76f710f39

SHA1
784d328e0d5d4141e8f0cfb0b7170f07986cc842

SHA256
69646dfc3da4deadd0178513b5a301cb5dd72b3b73bd2f4757159eb924f1339d

SHA512
29be6eb98e4a3ee8f8f4b9229ba84dcef91b0cfc169ecf7b930d28153cdb871b13665c977a8ddbdb67791d0dbec0075cf535fd7dfedc16df7d73402e77347b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1adb126c582b27c49062d7a22fd1b1ea

SHA1
23e743f72e554bf138148f0ca0b5220963b4129c

SHA256
025147abb5005f8de683b72f57c678a2b4f8071fa359ab5dbec0d4f63e047c26

SHA512
f2e2bcae6282dc07f520bcb7fbaaeca4193e59bb98726b2c06e12e1afb68f61e090723534ea1d94ce46f92bfd06525eb8f85bc877087ad96e85273bc18cd117f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b337795c5115d44bca42fc0386a793c

SHA1
ee25f20a06b2a48f042ca49cb9514fe2e000980d

SHA256
1f541a6fd3ce8b1aaa9fb24448a2eab3e6142fdcacf3ebc978adef5159a051d9

SHA512
4799e03daf7f0e52a126e64ad590d268fb32cf6344d4861511ba4cedab69984e79dbd7d11022b2cac2a7a100ed6f31da5ce2fdb4d3b8451aee676bda8981f468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fabc31819c9cd389f9bc36fdb792eb3a

SHA1
cdf1b2872ceb830caa662b8cfb8eedeb5496c20f

SHA256
524aa90261b77fd487d4b763113a1c73a6f69dd2c7ded8f1c6cb9c3572573a9b

SHA512
52576cea43b737f824d5c3c080e9de72a24d2c755bfa41617ce03c2e8d050a01c60763623783161d1d916e7ddc698ee65d3f366a8f117ac9470ca5b21c465586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
08059ce77b0c6bc78ceb6c5a542e3ae7

SHA1
d57f60a97cc9b99460ac15b0b07bd0a42be87652

SHA256
4cccff683041e8143306eb9e61063b7dfee7c6fe95157249e64095ef64b9ee91

SHA512
a77c1f0f85c34226c31d6eb51e4cb30b6df54fe6a7f362f32ab6069d9b65778a4fe1d691c8a98e7b7d37e897a0c4e6746e5f619560b3be795e671a86e0e6a920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
d1ce1abd84e6d85eb96e1fc27e3c0910

SHA1
8aa6addb84ffc5f0ded56ce266433ae402bdad7c

SHA256
5dbe2b361d958a4140a721d054bdedd1bbdf0b91ae6cebe6a9fc1f22f26cd08b

SHA512
6039587e2f4ddcf83b3d96f18b013ce0b7ff8b1a8c00a0b097691d00d1dee0e7707dbabe73a8b7b09da327ff6f705ada7b02fb19f87f6f74757301b0b2c5e328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
d2c674a4173fa8b40bc01d21e0c25ca8

SHA1
5f06768221e04f978f4b7009f8b2df45540c11e8

SHA256
8433bd356460e0a996a3259e35c1da399ca1396157632658a2370db2385b3350

SHA512
24b61d82c4a699cf4a374cd196a61be41a6bc3bfc262daa007371cfd8ff3842f3061ed52619a62708f1e17340c57c8869574cdc72420ac1a5a9f8a55ae34a10e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f5bb11d5e4ba08f285de99b625074bad

SHA1
484f5293202c4e7c08c59dbd68a995b13577505f

SHA256
2223845c5f2d19c917dc7409b7f0321aa8abff9bb7126d0e49fcdcbbd61ffa10

SHA512
7b383ebde8bd49c159ce767cb6fa6b9767645481c33a6f7e91a5ea78b3ea06575d98afc4bb52609f7481ea4a14af28aecab713200c9e507126577985a111771b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ededc344-aaab-460c-97f9-53eaad05c3be.tmp

Filesize
1KB

MD5
588744dc06be586149465a9a3f426e75

SHA1
e6a13efce52d23beb90190f30eea5b2dd758499d

SHA256
5d96f8f4ac243321d381b1c5434e028fafa48d6072654bac6dd827d02526a2ca

SHA512
fde83bf9e009bca4261f5aed76be198c48ee49a42730503e389226e7b37693e6adec376fb78f843936d3fae2aa175c18527f1bc469e451fd5a636ed396b45083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d4ef7accfbd4f84d3f5aa490161e4897

SHA1
69139ddae7e3a63b7244e9a810b01742f04c166c

SHA256
5553fc4454dcb1f1b7fa20a66d041e91d509a7653538ecaa13099518391fd2a2

SHA512
4346196777bc773779e6d22dbe7562b3db2b770cd3e148baad6d4fc8a9eb0a79c273f1a9eabd83632f0ca7c126f769473f9a345e5d3ce1fb12ed722d5a030789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
535393c1af0e6c488c886d3202d7a55e

SHA1
525cf295f79889ae1a1b5469705a588d446a9edd

SHA256
932b4fc8144263bada02e2df7170b808e030d8707bfa72ae8683b8a35142432e

SHA512
61b506de1e035b65773b582a16ddc09774661ff3890fa5f4c35a3d1bd25cc6b21916317de892a0f577cea301748b6ed1732f13ea4f1254987c59b33594e764f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66217dd078b9323f7f686ad97d36e2dc

SHA1
8ac949f481065b41b4ee8e80b11e0d831b199bdc

SHA256
dbbc4ca3ce996a8b1767211f3d1e34df153675444919b5ca1702df7b00ee7bed

SHA512
efdbaf0102fd98c32f8e222c34d499d5ac7af621efa9b449cd2addeb1820551dc18eed0acc92a8b5b7a199578a8e1c71d7569801133470a968c3bc558f4de6ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
90ed7db1098dafc50ad1f9932eb33c09

SHA1
3a80d8cc52b66008b8579ba10b539fb4e4d842a4

SHA256
fdc76b2ddc1f33e310bcbcbcba9c82905f5111c0f4c713eb8f78541d361219df

SHA512
5be2e06bbc66b53016e144d75cf62cf4844a7cdaab309931c7dba5b7c2c622eaa2448363c62d22eceb42d7718ead58efa8d1782f21e7ced0aeb3be12b3f1c318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca538556d08e54bdc68decdf48b5ef06

SHA1
aefcd9151ab91b76606cdd17da3925986de726d0

SHA256
ef092ee8242ee8e0976eca8181807c0227e3e9e9dec7b0d63b7154aff9fc34e8

SHA512
8074a0573a72e2af11b7b790a4813f5cacb0169a835b3b25409118b1ad07208cc5d75944d0ec02877b71a436686bd49915fca1108d35899f3711e6dc539ee010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8fe7ad48f1b9d9752b27a37d341237ec

SHA1
d8bb49e0a0fcc99aa9de221de4542ed4503b2a55

SHA256
aae6a5e6d38ab20d58d58603df269e0803fb443f1f850ebafeb793458efc6fb5

SHA512
7c7c5f7e57fc27ea7f91b0821635990a96fcd3ce9c5356bc9af9dac375e30283feb9ff5a928ee0503b212f54581c6eb90def53951b86b65f17f8e64b34976fef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b7d0edca00b8acf80f89c0477e87d3bf

SHA1
ee072180a90f0e325aaf2e700da5f43fe1b32276

SHA256
bab84c170539910483ad57d8e52c0aa18749aec69363a19059c5152523642c25

SHA512
2be267a3a2cd70bab36e061a5d9ce0fbc15f387d814f1e8700d4aae78c8c5bde8b7d48c7cb243bb9a033c04e34577acc0897bec06b79ced7f15d5f19d46f9060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16df2e5e5ee8c136b21d599a83766e40

SHA1
bc5a26bd056077572409940099ef309f504f4f32

SHA256
53ba15b9b1800ac418e7e216fc3b8afab24650edd6e33c713aa2f06b9227383a

SHA512
d4bf8f819986cf1bcc66a1229a61704df93fb3a9fabccf566f1af64c0414a356b2c5d253028cf468fcf2de37fe1d6bedfa117db673bae92d1edc876a2bcc190b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
778b349605c931595dcbc2c962efcc67

SHA1
fca5b80e89d4ca6001e49448dd05d649350d44f6

SHA256
5173e0d3d3122891725fcf6edb971c03e9c2f35a78fa417da2aa9b2d5f4c2753

SHA512
3642b67052acbf192850a53cfaf7c1e8792ef77a93d1790633b936f20b5628e664e0e5098e58111df2e21b88a3622cb20498c097d482dc9f904952e06f4a8faa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6113f18a49f1e4b146fa6ea203841743

SHA1
24211cafed61adffab4255e6b9ce7fe6e8b99317

SHA256
f624c244d28e31c9cf0e0c2ca2b786f97af5ec19d822aed96a38afcc8c239d40

SHA512
66f3a5d3db0a2f45b9e09d461a14f151ea305d73ed4644dfd736790649176ad048341e2450ee8c10d2c1f64e085d5962772ccd3a67b0a73fa6103cdb0a5003e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c43d27ef5b8f7b2c87eeaa2d25f85f9c

SHA1
75e8e18a3412c1dab247e3547e45d78a89632c21

SHA256
acfd68573894f56efd0a3e5564e09bd6f2560e5aa80989f8634af606bb037c1a

SHA512
cf48d059e5e2145be7ffe2603b757257935bbbe00bcea4408de43cdce9419b8bf50ccb6ab28cdaef149fec42b4b40353eca067a1fefa1ce37fac3e9a1bc5c0d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52901dcbe2de5ba2fb750eb22ae96cfb

SHA1
40ea3907263f1f3676a6fe9521ededf5f8d543ba

SHA256
2266ff30cdb0315c4662b289049f9720907e04a9f9851307d0ca59b6dab863c1

SHA512
7ccee0d5c76fea3e9e938843561e6fae1ed8408a741998defda62116ba27cb6eb612b67c0f1cb45d4979351c65c134740944b0cda6b164a475cbc227ca9eb7b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32a778bbd5c96925407433359e76dca6

SHA1
200af4991a76145d3f7a522e8111d6afa1c6ee47

SHA256
9c0521e578a3fc010967c80cf1be5f20c4041900bad420607ef73abc053ce018

SHA512
603784ac291be8abd3a6c28c3828b526eb27b8bb18ef4c0f9703faed3949418fc2d9b8f55cf64005d2bcc3bb64e1a79db2d1e63d819d444c9d68eb2f50bcc123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d6df625b527c138ad999d2d39f122ce

SHA1
09a5417639133c4ac60c43398001f08dcdc850f5

SHA256
56735c23f711be966290f8e633eea51d788241e0abbb240fa7a86a295dad9369

SHA512
36a09db4b6ec9750748488c5cd738db412a6c4538304fb33625bc60683d34f9fd543e622ad011c84da398f05e4b3e6f79aa46556cc05d15ce39a1e523f181bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9ab3b561a1312d2260913960151a45bc

SHA1
7cbb7a69dd503de8c5a3ce668d53f4e20be2c9b4

SHA256
f3075b79a9ffbfd101a4e1ec6ebe0592bdd6a949eca34a3fd79273f5782cfc61

SHA512
be7ac227d3629faa63b173e429b6468b2c5d5f54b4da3952b1ca01e7b2c11b788d5a8f96c2be80a4ee1ebf35e82d1d0de1632f4e86756c593a78cdc82e0ca532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0754027188fd90b348e2f718b34a090b

SHA1
008d41531b853d300961a64923b886eaded12c43

SHA256
8dafa100f145cbd7a53b4cc33d39c661a5ec6d463a1748fb66ca90c1d7aadc64

SHA512
c348c316a0c8f6e4ee4ae549961a9b13635143200d9f125fd383871c9658c3a7483a8b77218cbca46aefbb80d96b5f3323d795055abe37dc2f581c56d573a640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99d32c348092fb84317053b4833e7586

SHA1
4c1c1069453528ae1d1c6c558b77481b5df0bd9b

SHA256
32f182919abb9fb772961384f79c80845e2a8cc9a3dd373637e447affea817f5

SHA512
2061763d70680561835b2d9287374824a60949a270566a029916a08a5ba36084c02ecd25f68ef2fac02d3cbd5db7cfdabb103acb5544334bfcd20321296e8d6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1dd76845ca783068da0e5d0a83f5166c

SHA1
82c5b51e4deac1a816f7205cfae8da94b9669fbf

SHA256
53b278aee16f589bc5fc053213764b2a4b4cb42016e728941a1b545169046f44

SHA512
6d29f294a196a649a53150de36662c1a3437c96641637e58eb7580a4d42e388daa0960e9a8bbdf9acf5f7a25c4b5807c585c747b64efc49b748444ec5960b799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
acc0c196ad10ba4bfd903819ca432a79

SHA1
510b48d42fbdb06ad817d94aac3ca6ce82ea047d

SHA256
d4edf4a42ec334c2452b8dcd6a8e1d92277a716ba1c3243a16d8d4f0bfda12e5

SHA512
06c0658c633fdb1dbf17cfb0bd00f439e0283ba083a2f1d3210d2ec2d6793cc06d11c2ef041d0466699c20ece0f7eec3212591b96e203a22a057d7aded4acd07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d17d92f1d476a854cfaecafc2642901e

SHA1
48ca7f644328320b23e2219565adb263c83679b9

SHA256
937b064bedf6ea0d6ba2c20193810fc7f92c5f45e4dd8c4b31ae1429d7de8c53

SHA512
670a4929572f77549c81ccbd10b82f0ae792e5c2759a6eb3402838c1314f52c293a69d07661a5a525a9b02384abd458527629f0b83b65ca65154beffbc3e0527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f89099f05b3224c2fc4d5bfca3d7f865

SHA1
99638550410f4011edeebecbc8642363a63e230f

SHA256
d80c86280579ab9ba3973a6f8eceeaabac2f6edd66773fe89b89eaff62a8081b

SHA512
52dd375b986cab86c1acabd7b4ba3c61a62d81c2b4e92f0efb373242e75881e9d63ce55179ca50294b9e28fe3f09a2bd1b118d32ccaaff40cc546924ecca3d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5ac7aedde8976f9d54228e92adce5a6

SHA1
4328a91298e9ac9aef76c114f3db803b656b8ed9

SHA256
bfc45651081404e0799e08b2adaef74f76057a54cf0358e5b8a2ef6fb4c32715

SHA512
bd5c35efb03fadb51cb9329ab9b5f5f48a5e4eaa637aea861b2068cb9aee9df755fa21987fdaf784dd934f991791f0a1ddd18713a5a494f2838a5216500718b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39edd60e1aa60153cdf524d9d86abe74

SHA1
61196e594ade655a0cc42a2384ffcc4e687dc8d2

SHA256
7be358b45b880844d1ad530a6fa5889a450bcaff89bb1a8486474a8d94799278

SHA512
8776847b9323c9ddffc37790fa9a43605b896d191394a63869a7383187c63499ce0d81c9a6c699733ce593dacde3b91071e88476244b5abfcb51fa7461bbfb52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
015a195d0d1d00bb1cfce1c6e6193a06

SHA1
f1f696d2d903e82111ac119c2f1b227aefd9a057

SHA256
a68d27a9bdef71c8632de5edde3b7e6f487fb80fd0530f8d105790d07f623f55

SHA512
61207267c782e413b8fceca0a242bda532c06c7ee4f508e005e7c87b384c87d2a5b8a02e5235b60cbfef7afabe094305427f0cc4dfbd0d152f16302cb9398988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
90850027766efa20dadad57af14d9f3e

SHA1
1fe8f37b90bea361c79b10bc12af0f124f6c699c

SHA256
51d5637ee18a2debe51b3aaa0cd77be34f2360de6cbd632a467b71d2f1193108

SHA512
d49827de1eb7c46beb095b733250cf9db08476696db4129d0f699542206b952551045eb051e30251e1a2af26afad1ab5d97777fe67ae27b0c608784bf64f5545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4f98b4981ce21d1f28d6e129ce5c40d

SHA1
e88c01dac5a781bbe86b5c3009313b51442724a7

SHA256
b9af20179f71af02c7ef9c135d56262f28c18542b3c0e2437233b729000052dd

SHA512
b7e14792e0c6587d26f0b08cb976c7c18692ec11daeb8726f55e297ba5cd409df85e62fcb2bfaefbcd6e5f0787fe123bdba0bdb39658248292b9a769289c3816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba384ab0f764a787f9708a12694bb066

SHA1
eead8de13d11fe29fe221bf17edb36d484002a06

SHA256
d79bd218cfa527f2230cbd9f551c3114ca0160c836b202e536ad6633c9f66c4d

SHA512
b55368be1e0d0255ae0231098add3084ba6fb838d29d1004c821e9cdef0946238f2a9d8e88b5d1e01b1f865c4bb6ba82829e88b3123e060588c397a1b2a01780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8c0ebf82e25db82340e0a4873dfd5e04

SHA1
62bdd2b49e9950cb56d0721e261b6cfbe5258e8d

SHA256
1447ff4bc3f393ea33f975b5d62c2f60cd12c8f4bb9229c01343365bc63f6eb7

SHA512
c50599b7cf6f3b332bed14d97c6fddcb9b5067fc11588248f4f501189ce9e6f0ae4006c52aa24345a43e7518feb92188ec2a351630e9a03ea57cabd33beda674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f73a214658702054e2c95dfd799f500f

SHA1
f2c9eb28ce48a5f1caa2ffd3b5fbf7713eda6e80

SHA256
7d8a4966f279ac623380bc3d43998f5d689e04b01f9780724b689b0b43514c4e

SHA512
795d5fa53b277e4e5aa107ff883449105cf7cb1ff0aab4a39cd8db3ccdf736e57aeb884a60e4865f22e2ce08f2521931f38ff3a7191f209c3622f420267fc206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d27df675a78a29560cdb431bfef81265

SHA1
a41e9271752eb18e4162c826c00b5ebe855294af

SHA256
c6ba71137a3a8d32ac1ce431643ba36ec09c19ab37c6106387c8fad4d4720091

SHA512
2e8d7a687b7b32d5ece1f3120d56fbfd0108f51745dababf788cb197b3ec25f0b1855a956806b1b79f7bfd495f41bbd934d1297ff45dac5f410b6e3608492764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50f77ffd0ab34f54f92e62b90d7e21d5

SHA1
b1daa4041dc8ea790a66f1599b981c18f0cb83f8

SHA256
df2a152a8b290419853d92a3702560501f994359f6a0faf627a772491e3f7814

SHA512
3bb02fbdc5d941015b5b508bdd15cb3d4c4422b50ca4812684035f4be02a0dcafece43a9d06bca6483de96469b7528529fc280aa62f38cb9e49ef876c0b1b62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a75f7b20b3e8534443bb2f116bdf7ac2

SHA1
6865a45dd65293a4a1be2489412d813df4df326b

SHA256
830b4203f16899d5662dbf96605ad29da48cc3cbeb2768f98bd566b8568db3a2

SHA512
20661f2c8684ddc1f08e8bcc95e00720c9f129635c545eb6e4773f815fc88f4116d4e8e40e9b0ad495061c5dcfb30d4e5da046667de0783d5bf33f7e5c65f661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e2221bac143244ac7365a9f709a5f0df

SHA1
ba9fdd653c306141b680df6b5c10630dfb3dca01

SHA256
a3d54c70ed8f06eeeb461230a1416f6be82671fd517cbd1dc30a3bc6ea8fad11

SHA512
de6a8baa51d45b1caae1bbac70d4de8a792883ae9171f58b0bdd966892254753bd7efcecf5b99c16a231f51b44ec14fdc9452e434467ce0f187089c7b9b9adee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e925f9d45612cef2a047b95ae49ab13d

SHA1
7ea790153f9e95853c8054c5c5ba5a6e20839d60

SHA256
07d8eb0925520ad5ee429e1ec9923af29f6d7771f36c48f51d9888f1bd095703

SHA512
169a8f3a0223487140f2b371d294f7689ecd687127b593672abcf07dbceede72a9bf98bee7cd90be894683aa0f32fb4e6bd6b8edcedd091cc6d561f3f4de73c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0fc0b3cb3d4365e2d3d40e59696469c8

SHA1
3960c0271dec69dabab2dcf8ce2f4f84458b7572

SHA256
42714e71d056b152a9b4c9cfd0aea14f2d0e6aa41d361b07f0a031a3f9745c18

SHA512
ff2b31106f452646613210de5bebb88aed2a0e468156487f40f8e8090d5e8950acc03adac70f51ee7231913f64a56613d13f8d99c0ebf7a301bc2d71e860ac9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4d05ec70b86a27808e62bf898e102712

SHA1
090058b96f4f7ab3b50c9cd6be7290a272cb7167

SHA256
7ba8182703db11cde36aff74640714fdcee9d9fe18b8dd838623e390eb82758f

SHA512
bbe69ab3bdea1746ded32aeb8f16d515a540a4de8688bf69d7faf53c27a574a3e1e070b8f131b215e011f99e175c05ee4bcc22265884ba5b26546ea894bb7ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b0f0bcdfc2b933ed3990deeb7e8eeb35

SHA1
5bdc917e6b880140318970679e1bacd56a0f26d5

SHA256
222dc45ca68950e28fc1f230a41739b52c619dd1db74ad4aedaffe800731e756

SHA512
40357a4bb08291584b40ae50ed0663e74f05c0a5e15687619e356f87e1a63d985a76090efb848e28f0504bf441f390b0a0f2daf35782fcb4665517303c289114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
cb28ef1482d545d6563e922e3be4536b

SHA1
32d3b082d43a40c77ee5ca84953851aa1f346ca0

SHA256
8cbb7b47af864b9c9f572317e573aca0dea9f70cfbdaf0bc57e17748781859b0

SHA512
161725570dd718578cc9a7e352392bb5f9c40a5bdb639be580ea989646ba32ddffa45354c35455c02062d180fc311b1112e230feea3ded7343988dc1e2ef8f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
8cf100cc36643d13a5dc8bf9a8e82210

SHA1
6c3cd21573eb0fdc9992fbad61fb02824a1c18f3

SHA256
4e4aa3555af56f368f2391d5d55265381595ae45ff646034afe95845cfbe42d0

SHA512
da13092da927b1e99e5314379f37f172e527ddd55e599fed91105f0ac2083d4c3c26e92d466eed0741d1f4f473fa320ef68a5c96faf20ed71dd80787fad1a3f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
02880d34f20129a14d02510cb2a1cba5

SHA1
ef623d3a44636f472a288bc9063ce95138166b10

SHA256
222b118ac12d51662d03896c09d66510a88d1145c160c23abc175086489e14fd

SHA512
0e6ecfc36f2f4f1f527d9e0bf01bfb521d2cec71948fac08ea980633585905a7a637e0794ffbd24ba291f76b814faa6a5ac56b1ff865db5b68abc8ddb3775c88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
9cad855c0ea7794da8db6fb7386e109e

SHA1
3db4610f76c628d568871a431e79a001b89423c4

SHA256
c30097fdc04b43985272cc987113aecdd993aeab0a1778291eee3f032f2ac768

SHA512
5cacec62d097d12ae9bd80d47767e66c47b35bda5f812ba18df2afc64cd0564089a3ef3a61d35b4458290b82483f5c53a3b7388febef5c47c93336e82789c6c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
a151438355ced02dc9a175c20a16b3b0

SHA1
6aba4ae2d6174a1ef75a1ac45fe0c8d55f1e16ef

SHA256
9fe63de314b330720198755dbda229992cccacf9d65668c9693bd0f53bd17724

SHA512
78decc5027db6c75ee02cf35464d5d1f3b8b3314c5ae1c4b08812f6bb1619e0c925ac8138513416eabb747443955a22ecfd6ba85e116c75d0837abcd6b1d24ab

Download Submit
C:\Windows\mssecsvc.exe

Filesize
3.6MB

MD5
8bcc3517b17394c04e305a5a31fbb5d6

SHA1
8e789cf5b8d483691554d6315212b00fb0f2727f

SHA256
c5d66f91b1b6b9ff6be7ca61ed7989b02d753b182959878db5b5dac064444b4d

SHA512
5137ca1fb369ea7de967307f9038d098562b257f2f3a46fda69e0d8312253b5b61ef2848dae389ea59a9f75a56acab42956b82916690ba1d3f0ce10e3c7e77c9

Download Submit
C:\Windows\tasksche.exe

Filesize
3.4MB

MD5
f22c104bdced739dd330228c7818f972

SHA1
c79950f1e331f6d005e469843a6927e8d1bf641f

SHA256
0e4d85f35083e1dac36ed2533d945f4c1b81455241ac5b319680613d833e8b95

SHA512
87312affbfd18d35652f136480ff73cdc7e6933af46bcd2116603776fdc7ac57d38585459530d317d5ca2b2ae560e57ec426b70de9cfadc48625962d9aa022f0

Download Submit