8d71d5a99a14d2787d25c5b222f8c359cb9a1a4271dbeef957904229b9b4cf63

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f63d88dfa5989ab88b8f87c9c8036ef2_JaffaCakes118.exe
Size

3.9MB
MD5

f63d88dfa5989ab88b8f87c9c8036ef2
SHA1

2b5bc2e4935387cb8af51c7b88ef4b2f59b6fcfe
SHA256

8d71d5a99a14d2787d25c5b222f8c359cb9a1a4271dbeef957904229b9b4cf63
SHA512

9366b96f73ef771a6b2fa1bc6fd9648ec63e82891f81fe7686f8c852c45115a057cd640f400fd081432af1dd59361ba5e6f7278c37cb1a00086eb65cc6f58758
SSDEEP

49152:I+FRBNWQDV8Kp6F8ftDSe9mLdx8kSogcwzKToFPWfYV4T+LeA:IOWuV8KuSog1nWQV4TR

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	f63d88dfa5989ab88b8f87c9c8036ef2_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f63d88dfa5989ab88b8f87c9c8036ef2_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2720	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133717491415584372"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2720	taskkill.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3824	f63d88dfa5989ab88b8f87c9c8036ef2_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 4588	3824	f63d88dfa5989ab88b8f87c9c8036ef2_JaffaCakes118.exe	86
PID 3824 wrote to memory of 4588	3824	f63d88dfa5989ab88b8f87c9c8036ef2_JaffaCakes118.exe	86
PID 3824 wrote to memory of 4588	3824	f63d88dfa5989ab88b8f87c9c8036ef2_JaffaCakes118.exe	86
PID 4588 wrote to memory of 2720	4588	cmd.exe	88
PID 4588 wrote to memory of 2720	4588	cmd.exe	88
PID 4588 wrote to memory of 2720	4588	cmd.exe	88
PID 3824 wrote to memory of 3608	3824	f63d88dfa5989ab88b8f87c9c8036ef2_JaffaCakes118.exe	92
PID 3824 wrote to memory of 3608	3824	f63d88dfa5989ab88b8f87c9c8036ef2_JaffaCakes118.exe	92
PID 3608 wrote to memory of 1940	3608	chrome.exe	93
PID 3608 wrote to memory of 1940	3608	chrome.exe	93
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 2932	3608	chrome.exe	94
PID 3608 wrote to memory of 4472	3608	chrome.exe	95
PID 3608 wrote to memory of 4472	3608	chrome.exe	95
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96
PID 3608 wrote to memory of 4508	3608	chrome.exe	96

C:\Users\Admin\AppData\Local\Temp\f63d88dfa5989ab88b8f87c9c8036ef2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f63d88dfa5989ab88b8f87c9c8036ef2_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4588
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3608
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8fa5ecc40,0x7ff8fa5ecc4c,0x7ff8fa5ecc58
    3⤵
    PID:1940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1924 /prefetch:2
    3⤵
    PID:2932
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    PID:4472
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1864,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2276 /prefetch:8
    3⤵
    PID:4508
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
    3⤵
    PID:1900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
    3⤵
    PID:4768
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2436,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4528 /prefetch:1
    3⤵
    PID:2784
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:8
    3⤵
    PID:448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
    3⤵
    PID:1364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4980 /prefetch:8
    3⤵
    PID:3780
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3128,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5128 /prefetch:8
    3⤵
    PID:4384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5004,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
    3⤵
    PID:1076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3656,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
    3⤵
    PID:3956
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1152,i,16942020585172185345,14531654498040515728,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4488 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3628

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1868

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\24e59b4b-b2fb-45da-a5f8-270e073f6bcd.tmp

Filesize
9KB

MD5
a99f6c33ba90061cd21b10d331f68a64

SHA1
cb6578901c721b748fce8565b7fb4ef1c1e3ddb3

SHA256
c26ada88537f6a38dc0999285603083a684a6be89d53ad064edb58a451f8b7c8

SHA512
087f8f3ee1c96bb4df50e7b5a60abc7339ba4daa2f3ac0efe8c99fa75823c4b0eb406bb0e8ebbfc42a82ecc87612789cb6e0f4d983041aeadf0be6ef97cc979a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a2426b98ae7dde45ee6eddef5c8b4a4c

SHA1
d7ae2a08b6267a348dc2f8eb988d614e2ebd6c75

SHA256
7d29d7d33e222482a35176fae71218d5a9060b941eb9c1d53478eb66ad2bc6b9

SHA512
b0e8bbbb3fcac0a38beb9f235ae631ad02d82d5cac244a14517e55443f2b6920952afcabba078e93f28dd8db4a29094dde8633a0b7cc21409d75a933891154d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
50ee7af0ba858808f9e11e5b722d590d

SHA1
7c7b4119062de616dd210f3e05671fbe3295bdf0

SHA256
9dec90c97a56c316b2a38d02f641ca8d7c156dcce37ac59e4e512667dde8c93f

SHA512
5e52f1779070316446f1b0bcc9ddc0a43151e66f3b455b5d7eb6d821137b85abed27f67753a7b40b44ba97e3c66072cefc98ca3ff6c9d408c72fd34affcab01a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
32dfb0609d588511788a01459d89f3e3

SHA1
333a2c4e3bcbb967052d327ec6f89ea004709793

SHA256
1b6a34367384c3b2fac05b99a8ce71db48c1dafce5f4ce8bf5c2295983329280

SHA512
84617b49e89ca4f9d1ebf6406e70171fd3d9a1d22a25b8f3896d6a535cb210f16e7acd16fb240d9652af2b51fc5a8207f5e09c2e4c8d7ebb9af73e6c6e00cffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f2b1b6fca55ea842c77db1312ac9c1c6

SHA1
e7ecc34a2504fa4b630a693aec6faf8689ae53ce

SHA256
241bcec13f80c174ba0a9cdc877bfcca74a615afdc8d89fcfdd673bc819899ae

SHA512
a68d12349cb1e964d1f4f0a6b63467ef82614ceb086a3db7b2193e101c2e8d80d4794136d098dff7bd7e8a840285eb47170802cecfeb7fdd4a71d202196c914b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d89aa1470d6662c6b68ace76a153aff

SHA1
a9e323aa22101f0eb0ad010efef39bb468588afa

SHA256
9103891ddbea6fc86c847edf8e66fec4622c75bf899fb37d6e4be12029dda487

SHA512
632c8237c82d87822e435bd9fa3862217ad8b660455f2c46f5c2f0e06f0423126f7cd37af386370a854884bfb94ee4e03a3dbd4a6c7048eb2e544d4b2383763e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b201241e47626854e30b0edc9c145b65

SHA1
6b41dc221b77d83a6632990665a560054166c4e5

SHA256
443e04f1e40e7637cd1cc46b076cb43b76c4e6ec468fa7a669d9f8ccf433e397

SHA512
c74b0fa90419830269fd139a6a402ba77f91595c44fe9312b527391cea50bc0ee5981eb34b6d0bd2027c0f9d66c5084adef2011bcd539dfc783e383ed20e8e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ada5539d720a945530fe97f85c8c39db

SHA1
1ae71b47263ea0021ee3edf766d40e0c06a46d9d

SHA256
9255f58645218b937f59e3c00f1d1185af89006789f29d15862176856203eb94

SHA512
4e59c10fb634968e18d2ea6c501ee4bdb4cb75ce4d33425b77d8602c2d8fb93731f18bf5187e2ac1442908e923e007521ad6bdbede9aeadff2b5e6f22f2747d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4b29ecdf2737f54706ac7fa32409ac6

SHA1
2e1ebdd1c5e1dd25b275061cc78f30b4012d173d

SHA256
c3fbbe2639018d8b195d0b2e635fa437b8aca3e7db1b715319b10b3dca17d797

SHA512
49a28503472ce99a499746c07f0873a5fa4e2c306f1f33e2c4ac4fd7741ca6b83b8692fe7a64d6c1a70ed79c7066cfb189e3b1810afdb12aa98ae55272df68c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
19dce853c13ec05f5b956e992dc8010f

SHA1
0966d533f593a32ee3cc49171bbd2abfad61f02c

SHA256
7b7ea1588d3accbfdd9daaa5f4d8f34e63bf6be7764fe7036375f2b3f240d56b

SHA512
db053bf29a3be45097bbf19ce67fb35158a5e65e95af744d150b29feda028e60b89df3271c17a23ecdd1e4f7bd5ea0bc4d381612205d78c4105d92855a7bfe06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
3b836e4f7b414248f96d2756d7be56d0

SHA1
c6bd8e42330faf85ec148418c12a8272789eb314

SHA256
d2e39844c0ab20ed74161c73c85314c66fadf7c58427a739c54f4a2727205a5b

SHA512
e7823b36d95a4e1a1a91d14b3f17badcf9b3185bae05b9b8e37b752244b10d8af488b6dac6a969861fae56f8c417ac4183c7d9ef8041dab3d9cd64b22bd7fafe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
5ee94bffaa0ebb8b618ec86d05f38f71

SHA1
8d531d3a58952a29773a94278f440c543ce60cbd

SHA256
4ac5af8614985573b2f7a75ac6222bb345d24cfcc00e67c598978ee474accba0

SHA512
c71d191bdf9bfef3eeab1f6346075aba766d6cd399e970add394ccdfa76525b6a2f64d70ff56bfce7afd30195be768b1da8fd9787f7dc14ea35eaa4a4cea68c7

Download Submit
memory/3824-0-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/3824-1-0x0000000000400000-0x000000000081A000-memory.dmp

Filesize
4.1MB

Download
memory/3824-2-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/3824-42-0x0000000000400000-0x000000000081A000-memory.dmp

Filesize
4.1MB

Download