6a75dfbdcc675d767cfaf741b25ff3e2527c6e9336febe0fb5b5a737a17d2c8c

Resubmissions

30-08-2024 15:01

240830-secv3s1crm 10

30-08-2024 14:58

240830-scf5qa1cjn 10

30-08-2024 14:56

240830-sa1fks1bmr 7

30-08-2024 10:49

240830-mw2yms1gjr 10

Analysis

max time kernel
92s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30-08-2024 14:56

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

caaf6e830cfe28f4cc5b097ab52d853b_JaffaCakes118.exe
Size

328KB
MD5

caaf6e830cfe28f4cc5b097ab52d853b
SHA1

89bf48299ea7792e6891dfd267ad6013a34d307e
SHA256

6a75dfbdcc675d767cfaf741b25ff3e2527c6e9336febe0fb5b5a737a17d2c8c
SHA512

f5cf19ebf5a7ac7a14d8dc687df01d377653cab18d6c03228e0850485d0fb6d49d764eadef4ce7772a75655f62343f5776336ac42995edf592b597a69d45b451
SSDEEP

6144:pfe6Iq7LZgKRHNpfHb0AmhpJuxTQCIQHCZn5FBFOepDZzQJj/G4gx:JbZ7LZgSNpjsJPCIQo5jFR6jEx

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
5020	svchost.exe
2716	svchost.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Load = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\DwiDesk\\svchost.lnk"	reg.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5020 set thread context of 2660	5020	svchost.exe	84

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	caaf6e830cfe28f4cc5b097ab52d853b_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133695033999556834"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "14"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5020	svchost.exe
5020	svchost.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe
2660	MSBuild.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5020	svchost.exe
Token: SeDebugPrivilege	2660	MSBuild.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2800	MiniSearchHost.exe
4768	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 5020	5052	caaf6e830cfe28f4cc5b097ab52d853b_JaffaCakes118.exe	79
PID 5052 wrote to memory of 5020	5052	caaf6e830cfe28f4cc5b097ab52d853b_JaffaCakes118.exe	79
PID 5052 wrote to memory of 5020	5052	caaf6e830cfe28f4cc5b097ab52d853b_JaffaCakes118.exe	79
PID 5020 wrote to memory of 1432	5020	svchost.exe	80
PID 5020 wrote to memory of 1432	5020	svchost.exe	80
PID 5020 wrote to memory of 1432	5020	svchost.exe	80
PID 1432 wrote to memory of 3872	1432	cmd.exe	82
PID 1432 wrote to memory of 3872	1432	cmd.exe	82
PID 1432 wrote to memory of 3872	1432	cmd.exe	82
PID 5020 wrote to memory of 2716	5020	svchost.exe	83
PID 5020 wrote to memory of 2716	5020	svchost.exe	83
PID 5020 wrote to memory of 2716	5020	svchost.exe	83
PID 5020 wrote to memory of 2660	5020	svchost.exe	84
PID 5020 wrote to memory of 2660	5020	svchost.exe	84
PID 5020 wrote to memory of 2660	5020	svchost.exe	84
PID 5020 wrote to memory of 2660	5020	svchost.exe	84
PID 5020 wrote to memory of 2660	5020	svchost.exe	84
PID 5020 wrote to memory of 2660	5020	svchost.exe	84
PID 5020 wrote to memory of 2660	5020	svchost.exe	84
PID 5020 wrote to memory of 2660	5020	svchost.exe	84
PID 5092 wrote to memory of 3948	5092	chrome.exe	90
PID 5092 wrote to memory of 3948	5092	chrome.exe	90
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 4860	5092	chrome.exe	91
PID 5092 wrote to memory of 1968	5092	chrome.exe	92
PID 5092 wrote to memory of 1968	5092	chrome.exe	92
PID 5092 wrote to memory of 4580	5092	chrome.exe	93
PID 5092 wrote to memory of 4580	5092	chrome.exe	93
PID 5092 wrote to memory of 4580	5092	chrome.exe	93
PID 5092 wrote to memory of 4580	5092	chrome.exe	93
PID 5092 wrote to memory of 4580	5092	chrome.exe	93
PID 5092 wrote to memory of 4580	5092	chrome.exe	93
PID 5092 wrote to memory of 4580	5092	chrome.exe	93
PID 5092 wrote to memory of 4580	5092	chrome.exe	93
PID 5092 wrote to memory of 4580	5092	chrome.exe	93
PID 5092 wrote to memory of 4580	5092	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\caaf6e830cfe28f4cc5b097ab52d853b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\caaf6e830cfe28f4cc5b097ab52d853b_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DwiDesk\svchost.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DwiDesk\svchost.exe" -n
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:5020
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "Load" /d "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DwiDesk\svchost.lnk" /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1432
  - - C:\Windows\SysWOW64\reg.exe
      reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "Load" /d "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DwiDesk\svchost.lnk" /f
      4⤵
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      PID:3872
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DwiDesk\svchost.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DwiDesk\svchost.exe"
    3⤵
    - Executes dropped EXE
    PID:2716
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2660

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff840b4cc40,0x7ff840b4cc4c,0x7ff840b4cc58
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2192 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4376,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4820,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3452,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3432,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3336,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3724,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3424,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4600,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3468,i,4670450288361589362,16078274442468262738,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5080

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4564

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a28055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3cfb7a03-3fe5-4615-bd07-2df097bdee2e.tmp

Filesize
10KB

MD5
da69549a08d236671cd74f96f54e0f14

SHA1
1b28b7984264403b7f5b05d372e49a7fd7bc5113

SHA256
3189bf436100ad722bd90a1b8572c366ff1ad240aa2786dd769869ce9c1624a8

SHA512
9fb0d63dbcfee0da70ae73a8a46a434ca666634738ad50728c381b63f8692f04fcfc1bf9e8e060b6ea3a6fc7d8a1fda25075e33b3e1dae49bb99d779b7ed698a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
508787e731d05b96345318a02cc4a9cd

SHA1
c9968896015dd9893a9a47c64d9bb547ce4668cf

SHA256
b393edc6c981d405ecf030e13c8a9d7d464971a633045b3700eb5ed8a18dae48

SHA512
f9c65f97d10d3b3ed37c6c0bd5b5b60cdc13f10e999bd0c053ce80dd2ec09ce56b2eff8a1a326157f901544c8d507d715bc754eb51361c72554ba3076a339ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c01d17de51a8e9b149c5d9ce72264fa4

SHA1
5ecdda96fbae6a958b48b27ec4b58d3b5a36fe88

SHA256
3a2697892daff9ee93094dc75c7138a949fe506b61240f9768d4587506bfaca2

SHA512
592622455917d347267d620177f43791882e99214c9f5291f89c5d6ee04b7367dc038fe0d67d481e6d2bcb6b02c52e999c970c7bbfab5a0ed226488fe4cc0ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
4e697c95b90e9bd43a7cd947f5acc391

SHA1
8943810a27b7fa9445736b1d9ce6af1be59ba9ed

SHA256
740fde25ee4c1ff94db261cf89a9ff6e051079078d3290af096e5d79f74f6831

SHA512
f253be3f7ef5f7f0c636da4dcdbc099998f59472a26b3a35c13414d0ef398a7e43eedfd1810cae390e45bd142f695b2510a01955af8e5de77328f2eb5eabf9eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
430ea5a346ec9afa4817341da153f4c0

SHA1
734b974022382af19a18d3d35cda9d95fde7e917

SHA256
2502d65d5cf557509f42d5b08540ec05f55b0abef5d75b2632c731937cadd232

SHA512
6ad54dc67914a2e6ee0b5ad3ac177492abb3e734b91da911f0afcbc6b777a297ecdf594708605736f1b9d4f677f727d30923368b36057e17915b7ff86a304aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
388ca24479e1768cf123146ac08e47ee

SHA1
7e832926a46b44f4c90c406f795583be7d9cd900

SHA256
922b1694a06ab155f3c13819b453327872b1d0c85d239a617c6c631b5b8a8b15

SHA512
7528941c54ea9afd95f0bc0da0c68bf4c3c2db5091066a248d589074f838cf676a73b2a9ca0c0f9b9c79d7cd14c8fd24853f814d2de73363a2e3c1b141ce5269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5a65f0bf80dcbc50450059f555a1f821

SHA1
a479a486f7ae012246d37e7ede34d55cbfb894da

SHA256
c3e6081790d0ce252caa77989ab5e57726755c1ef37673a5e14d9f8047dac224

SHA512
8a17d00cf312a2c2dcf012c293415dadb52d0cc28bffebbd77e82bda52b28a491d1f2b92b75d48b9f7f6ab9e1fa1b39234d577d18971d3d0506b55b78efc12a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0f291a0bdbbbe530d6da9d180ca318e1

SHA1
b05326fe96386fde36459cee0ccb149a8322fbbc

SHA256
bec8a3b4e1bde72626fc998b5e5cd80d8a5d894bcf3898891b004ee045742743

SHA512
138656f05e62bc7700d249e1eda952a7acfbdd01a7897ecf2142ba212b1dca9fab24e1e0a77e3e51c0a2aefeebdd7735b12d1244f9930a3cbe31f2806aa9f1f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
592ba0725b63d3f5bb0f6f6cc6c27b53

SHA1
bd361141b937b62fe278de9b81f3bbac04b03fac

SHA256
0a0edf7e0e512c53b28c643f6dae52e77e2a36c0cdf40ea2815128009affb0b3

SHA512
0378ba3383012959f85acbe466b12a0a31b85a60654db39a0e374f8e07caa82f320260dca934995a68c45017700b16c0527ad826bf5a049fb82b586a718e2ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
57473ee53a9d7bce46ffb82753b0c32d

SHA1
4392acc297cffd4a35455b25dc8fc4d072d29cff

SHA256
bf6e54dbd2bd9f96957b39f682ea216db7cda2cf4b02fca2864c8c3686f5e501

SHA512
34c0294dc2d05c7310898b3f416259f89775f5797aafa79c3d57503ef37f6a34d7ff34975486725907d82ef71c071e5746937e0ed39cefd62a5866a4a032f817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d689ad0782103d365e3f68da5a46ece

SHA1
d2dc714581d75674eb3f14e16d9a60b8bb8e0d3b

SHA256
3c92f6bfccaa3090bfdf03f6335a3158c829d24a951a4018ba6ed683201d885c

SHA512
4dfcbd57ab4ae822e22523d6d35cb527de4085e4179f82cf72ca0f2e9c32986d43431b9e9886c0f29dd024095833b7fe64cba1ab6733c1bedebbd9e0a4cbdf4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c63be08300d5e5792caf09ce5a33284a

SHA1
eb74bfca0797a8b622d662a63f5dc7aa1d7b5038

SHA256
54ed7fea318261a62cd903d66bf35b1231cba8d527dfc611b98d7ca6bf00ff3a

SHA512
a24ad8d630323f1553c35831516dc722077db7f0401d0cdc9e01c0009b532c5dc62ba068855a549d24fb23060112bb7f8c4bf0b2e9e665dcbf6b17db75324ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c24e4f05e868538e1d7eff08272f32dc

SHA1
40db0463902a6563248cf0731930b5a8a7fa261f

SHA256
68b9cc712feaafdfd71fe0eee82fdd929c8df700dc3f161999f222c6b3124bbf

SHA512
69830250d7444a6a596c95673fb616cea8c2991cb6198019ae3438b4b3e856ef2fc8beb1355c9292361156a7db29a6b5f5c2524a058e3b3b3e7c657e35c63567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
760cc260ac394dc2f5b54fe26b11fbb8

SHA1
3118a54ae902f040ea545e63a23619f6faad24ce

SHA256
569878dd120547a9d9a534ceb34e679ae376b0cac8beb109838c0fcd45f63b0d

SHA512
9931a2765411aba4c54cf21e6aefaa302a075c45ba72dd88c10233fc1e0890fede221e6565b9d2f88cb09539f9f6963602e6ee5dcb0745942e43c0dba579dbfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
e2526c5f5b1ce818e4fabed5723ff962

SHA1
f7fc3c9d6be21cad08ce6c1f64802ddebaff3932

SHA256
92edaae21b2c3988c062b1a7bb0fafd5672b09e84d994d1c194f894f5fa4d387

SHA512
e07b2f0000d6fbc82b9ed7e5e6c4773fc36d734bbc74a615bd5de381903a7a95ed8472e47af4c4328881e2e358f6a3fb087c76c9e3452c51f21a9f51e6671d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
26532151af679af2ce97eb70d997e0e7

SHA1
2e1c69eb71c90f42901874c7db2aac88e09191d6

SHA256
05f0a19b983f7fc3acd88d5f4bbd9ceaec1902db046c32e0c36f79683eb09999

SHA512
43409e60c01029372d364ea512c9b93f11fbc5962ec30ea6067425641094f31a3f50d56160d7655fda96124b0445f4820586cf191898d2bf60ffa00c27d5e47e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
0994d7e734ae42cc268890bc1fab046f

SHA1
5db76b248f3060f3f58f4d21a564c556cbab4083

SHA256
5a50aacc3be9141edc4e0c8b46d8d5067ce56742dfb48aa050cadaf495ad0686

SHA512
6e35b7ba26bd162355cfff12cf5ee268bb7b21d0373d9dcbcaf4fcb60a21c47bfc02daab842f1240f924b62492d417aa68587bbba7b9f7942270e0ad54fe6376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
490da22233d1e3bc01939ca2ce85e2c6

SHA1
95e062975ec40eebd0245bcd36ef36b50d603d94

SHA256
e7320390428f36c6dd88b2dd1e8dc009d53ad390b90c1cb953acf102519126c9

SHA512
7a7ccfaacd5a44b67e1729332ccc3ef3ec9990bc33a7ec88606aa54ca11228d9166d9ca0551880190ce363ef8b81520b8b5dde1c5377d6135b3bd46690af31c0

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
41ce6cd728e8893a0387cd1d5aaf201d

SHA1
c6c5257c73d52968b03fa7a332f61f050229999c

SHA256
c6ff6212cd4c01ff44605a8339568c3ed2b9dd85c7956873ee9db592e24b654d

SHA512
73c40effe3fa0c521cdd5347e85ac142666a5a7b982d96c80f4c08c079d2f5a8d58c12644af20f27b8480040eb74b28d0696be16fc9566c02bf2d60d08839c27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DwiDesk\fl.txt

Filesize
11B

MD5
d1c56374fff0243832b8696d133b7861

SHA1
f4d236fdec2fd03914189c3b26e5cb0dfea9d761

SHA256
8e8eab0b4bfdc35c5f238935b81298e43970ee6818e9629d725297ebf03838a6

SHA512
e74cbfc425b9779b79dfb6b53dbf3d1451f9f35a766cc5167932b95c9bdb5288b65f9886fbdf3c3b180bf3a8360bfa1ef577b63e3443cae04b49e7ece433c452

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DwiDesk\svchost.exe

Filesize
328KB

MD5
caaf6e830cfe28f4cc5b097ab52d853b

SHA1
89bf48299ea7792e6891dfd267ad6013a34d307e

SHA256
6a75dfbdcc675d767cfaf741b25ff3e2527c6e9336febe0fb5b5a737a17d2c8c

SHA512
f5cf19ebf5a7ac7a14d8dc687df01d377653cab18d6c03228e0850485d0fb6d49d764eadef4ce7772a75655f62343f5776336ac42995edf592b597a69d45b451

Download Submit
memory/2660-27-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/5020-29-0x0000000075110000-0x00000000758C1000-memory.dmp

Filesize
7.7MB

Download
memory/5020-24-0x0000000075110000-0x00000000758C1000-memory.dmp

Filesize
7.7MB

Download
memory/5020-645-0x0000000075110000-0x00000000758C1000-memory.dmp

Filesize
7.7MB

Download
memory/5052-0-0x000000007511E000-0x000000007511F000-memory.dmp

Filesize
4KB

Download
memory/5052-5-0x0000000005EE0000-0x0000000005F38000-memory.dmp

Filesize
352KB

Download
memory/5052-4-0x0000000075110000-0x00000000758C1000-memory.dmp

Filesize
7.7MB

Download
memory/5052-6-0x00000000064F0000-0x0000000006A96000-memory.dmp

Filesize
5.6MB

Download
memory/5052-3-0x0000000005A80000-0x0000000005B1C000-memory.dmp

Filesize
624KB

Download
memory/5052-2-0x00000000059E0000-0x0000000005A72000-memory.dmp

Filesize
584KB

Download
memory/5052-1-0x0000000000EB0000-0x0000000000F08000-memory.dmp

Filesize
352KB

Download
memory/5052-23-0x0000000075110000-0x00000000758C1000-memory.dmp

Filesize
7.7MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads