wannacry | 3214a6bc1516237a1dd43a7362e4c5d8a48528aeadd8151eae8e9030fd98f273

Resubmissions

07/03/2025, 14:40

250307-r1yt1asl18 10

01/09/2024, 15:27

28/08/2024, 14:14

28/08/2024, 13:53

28/08/2024, 13:48

Analysis

max time kernel
43s
max time network
218s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
07/03/2025, 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6f93103b29652dbe18510ea58016058_JaffaCakes118.dll
Size

5.0MB
MD5

c6f93103b29652dbe18510ea58016058
SHA1

99f707cdd51c938b85b43413d982325919f18cd1
SHA256

3214a6bc1516237a1dd43a7362e4c5d8a48528aeadd8151eae8e9030fd98f273
SHA512

4a243ef4bf2ae2b01030c00f576c4c83a378f280e03f356c7298d5eaa41720722616da5dd7e4466b572158e658a01b92e09ff245b9c218949945e061bb40980d
SSDEEP

49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM:+DqPoBhz1aRxcSUDk36SAEdhvxW

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Contacts a large (4883) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 3 IoCs

pid	Process
2824	mssecsvc.exe
2844	mssecsvc.exe
2896	tasksche.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
2281	raw.githubusercontent.com
3068	raw.githubusercontent.com
3069	raw.githubusercontent.com
3072	raw.githubusercontent.com
2270	raw.githubusercontent.com
2526	raw.githubusercontent.com
2707	raw.githubusercontent.com
2896	raw.githubusercontent.com
2901	raw.githubusercontent.com

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	mssecsvc.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe
File created	C:\WINDOWS\tasksche.exe	mssecsvc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2612	3056	WerFault.exe	63

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 24 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f007f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	mssecsvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{C1F645C0-ADDC-470E-82A3-D6017383E5F8}\WpadDecisionReason = "1"	mssecsvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{C1F645C0-ADDC-470E-82A3-D6017383E5F8}\WpadDecisionTime = a0634bdf6e8fdb01	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{C1F645C0-ADDC-470E-82A3-D6017383E5F8}\WpadDecision = "0"	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{C1F645C0-ADDC-470E-82A3-D6017383E5F8}\WpadNetworkName = "Network 3"	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{C1F645C0-ADDC-470E-82A3-D6017383E5F8}\4a-b7-f4-6e-a0-dc	mssecsvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4a-b7-f4-6e-a0-dc\WpadDecisionTime = a0634bdf6e8fdb01	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4a-b7-f4-6e-a0-dc\WpadDecision = "0"	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	mssecsvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{C1F645C0-ADDC-470E-82A3-D6017383E5F8}	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4a-b7-f4-6e-a0-dc	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4a-b7-f4-6e-a0-dc\WpadDecisionReason = "1"	mssecsvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2424	2304	rundll32.exe	29
PID 2304 wrote to memory of 2424	2304	rundll32.exe	29
PID 2304 wrote to memory of 2424	2304	rundll32.exe	29
PID 2304 wrote to memory of 2424	2304	rundll32.exe	29
PID 2304 wrote to memory of 2424	2304	rundll32.exe	29
PID 2304 wrote to memory of 2424	2304	rundll32.exe	29
PID 2304 wrote to memory of 2424	2304	rundll32.exe	29
PID 2424 wrote to memory of 2824	2424	rundll32.exe	30
PID 2424 wrote to memory of 2824	2424	rundll32.exe	30
PID 2424 wrote to memory of 2824	2424	rundll32.exe	30
PID 2424 wrote to memory of 2824	2424	rundll32.exe	30
PID 1736 wrote to memory of 968	1736	chrome.exe	34
PID 1736 wrote to memory of 968	1736	chrome.exe	34
PID 1736 wrote to memory of 968	1736	chrome.exe	34
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1788	1736	chrome.exe	36
PID 1736 wrote to memory of 1636	1736	chrome.exe	37
PID 1736 wrote to memory of 1636	1736	chrome.exe	37
PID 1736 wrote to memory of 1636	1736	chrome.exe	37
PID 1736 wrote to memory of 1796	1736	chrome.exe	38
PID 1736 wrote to memory of 1796	1736	chrome.exe	38
PID 1736 wrote to memory of 1796	1736	chrome.exe	38
PID 1736 wrote to memory of 1796	1736	chrome.exe	38
PID 1736 wrote to memory of 1796	1736	chrome.exe	38
PID 1736 wrote to memory of 1796	1736	chrome.exe	38
PID 1736 wrote to memory of 1796	1736	chrome.exe	38
PID 1736 wrote to memory of 1796	1736	chrome.exe	38

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6f93103b29652dbe18510ea58016058_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6f93103b29652dbe18510ea58016058_JaffaCakes118.dll,#1
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2424
- - C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:2824
  - - C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      4⤵
      Executes dropped EXE
      PID:2896

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe -m security
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb0b9758,0x7fefb0b9768,0x7fefb0b9778
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:2
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1528 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2184 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2192 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:2
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3256 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3496 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3624 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3940 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3876 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3624 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1740 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=740 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2464 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1080 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:8
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3732 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4272 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1552 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4052 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2772 --field-trial-handle=1328,i,3659357147888167199,4351671028689832511,131072 /prefetch:8
  2⤵
  PID:1500

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Temp1_Sigma (2).zip\Sigma.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Sigma (2).zip\Sigma.exe"
1⤵
PID:3056
- C:\Windows\SysWOW64\ARP.EXE
  "C:\Windows\System32\ARP.EXE"
  2⤵
  PID:1548
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 636
  2⤵
  - Program crash
  PID:2612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x484
1⤵
PID:1332

C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
"C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
PID:836
- C:\Windows\system32\wininit.exe
  "C:\Windows\system32\wininit.exe"
  2⤵
  PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df97a8fc047d6887ad53ad838e836587

SHA1
cd895a8aa0ec86aad5b2eadc8e7836db9eb0f2ec

SHA256
14c35afc958a05ee2957692c5c08b372f3c03806eb6b46808e8223e4339556c6

SHA512
6a1e705bfe8731b90d52b8885477a4a7bc711bcd9ae0598f4d4a888ee0b58691fcc6b12509a0fdb73c63ed8bf41e729ce6b64586c734dd145b5bda60def2ea2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
215KB

MD5
786c4894e2393c2a6df8fe0fd6aeee3f

SHA1
2242cd681f699ef3d642ed9ed1f202dbf6b0c1b0

SHA256
258ce3bda497a9ddf8e00e70ab2b08608c3f3211aecc90348179eea95be084a4

SHA512
73751c1624a8a7e8141c387159a700f637e4fed6f5974d7402fc4faf4dd72c0779eae74049746098ad2c05765fa97329c51e9cc5f422c02abaaa92035aa991db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
e796229db6bb767a6d5c37695a7db4ea

SHA1
88001d701cc6ab9bfeb7e6e0a49c84c158dce724

SHA256
1cbf8e7371e7c16c36e0df241531316a990a56ef5e492bbe2d38f1a32922da5c

SHA512
808109101a81e34c02f2fd633dc90d23b5cdd83c10247b288360cfface5d177dc54cbea3d374e59bb3a00fa3daed1189d78e050dbe638fb6df7a2918f6c06195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf791b7c.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d7be06fe922f3975885f0640244e8be6

SHA1
2f2472ebf5af2e4aee85ce88c243fd8487ffc60b

SHA256
70e3e8fb6778d3a25eba96e25c741f0810f8e9984817db9d818795710e9716ed

SHA512
ed0f7d41e4d59a0a19dd71fa095235a98aeb743c124fbb6fbad81adcab19853ca87e565f9cf32717fdcece140a3e885a81f64091926ddfbad49da68588735a6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b890f3909c5337229780ff95de7f534c

SHA1
9a4ec4fb28056c6d96e470e7e8efed8746efaaee

SHA256
03e71699459e1d32e6a1eef82502f585ea2ad5937885eab548a06f3c6b44c66c

SHA512
26ada5b43b7fba57dc791dd7255dd98a002809c6dbca759aca4ff5066cd5742276132e4fdb13c3e46a4559704667bf374586c6808777172cb820644f40a037d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
79d0ecb8af69e035696cc8a0fddd4ef8

SHA1
d6ae7ea59b948bcec87eff0b5a4c4a848d9f6990

SHA256
bccb7394481474d2c1267a28c2b1d0bf1ba54c83776dd7f5e12e3af19099a3e1

SHA512
30c019d867f42d78705fa8de054273f2c4bd849fff10e00e9b212590e5372b4f76188c8c28cb5956d97082391d6eda8ac834f0167e4fecc462fa51bd4d9ef354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
0d346d92c7cfa8b67547745e3574714b

SHA1
ee428f19dece341a19871f5c7602a96df0df33ca

SHA256
4bdacf6e298e803d261ea4ac8eefdcf8767b09133d32f69119bcbb095ea24616

SHA512
9f245c68166f1020b50c2cf5455436703c1eef15a94740bdcff21926176ec929ac794f3dfbe7a1e138c73b97dcc1b54d1d0caac7a66d2d027c3f2f318d779076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
572713a83342117c08a386440e0b6e3b

SHA1
6a7510f6b724ae316dc6ba05ac9631c80e086a1f

SHA256
8c9609d12445c1e596a44fc9904fa9f70b7db9d395a9bf3631c977b93670385b

SHA512
1a17c69fe8263144a7f5002384b03a4bd4ba12071811ffc86d11024c0c261077d23eaf457016646296af073d8ddefbc6e0189b9371ca829f1e5e351e665338fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
68ab3531aac40b06984f0b99ac1db273

SHA1
e62fd4906e9e2635db4e95de0833abb4841642e1

SHA256
8e47dd189e0c7220eb3f8db6d9fe6453d9f349169aa7f611d0d2a0fa6367245b

SHA512
4022b7e484d5c5074ed0119a73682491052c3032f8f4ebe46a2745ec0b553a15711d5660d580e53f7dd23e1e2625edd1491c62736652114be7e99f20f39952f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b63e662c17455b4cc2174a5d44b3a3d5

SHA1
0ff60883504cd90d9ddd7c5e31e5df7096ddc9df

SHA256
d1858ccfa39e212e14b799faf4ea1a620164a1f3049c03a200db3d67211744f0

SHA512
debba4763baa38e156cb88b97fa0051fc921b32e1e54ba676a2f46ee614e59733a3e389e99337d56d9b5640f5e16463c1ce76bd174791830cd9b6ac269b24bd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf79539c.TMP

Filesize
691B

MD5
3cdfc804c1d66c70d62067f8b823bb18

SHA1
6a51ccd4bd8185585f236cd85edc7306ab034cce

SHA256
bc786c569dd83b0341075b1d8687915d1e1ae82696e69e26970b2ec3a9b964cc

SHA512
ab933ca549001f27e6cc53054ec4b49243c4b4d85d5080b7c27ca3a3669e9d30ddbde6e8d3006618e6345238b96121cecce220828893387499152a26c40ba977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8163e1c5e2df9ec5172562f0b1988ca0

SHA1
96d48bb2d87dbfd0fd10fd8fe7de5452c6249dca

SHA256
47172ff0d6f1a38ffda6542f5a9c1c2cb7d70e74e5b2e6c09ee9e9d518b6309b

SHA512
555dabcafb757365ef9d745f5742f3ee4fc494e838aea9876cde63ab49407a34238666a2c1bd885c7528afdd2be565404c8ff8a8b54661c1abe95fa634f85470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7e9bcab9ee1f26c0c26582dc5d81b5d5

SHA1
ff0c4e7dd06b7b822aaadc1cf8019a7572cd75bd

SHA256
19517e0f9c3f1c3f4167ccc06ba6cf70decea189e9ff30ee429ed4b6cd32fb30

SHA512
be30d19215ac6c0ea7caae017aa220b279f79c8d467ebb02534c1926d5c79b8c4cd7c33a5ae856c2e5460f2898c86d569364de4dff1c87f0e047bd5faa183564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4bc8829d10fcfb586e2111a6abea3ad9

SHA1
8322236dbfb939186ce53952981b6008412d8526

SHA256
f0dd51ba8de4172b60c93c8489b7c64a3f0a0d2df06b55dbf7b7fff74c6ed5f0

SHA512
880be814e5e782a1904d90d255ef8a845a79086bc58b43cf91523b9e4a993982705ecccb65be96b4d2aba44a0178240309440faa6c9f41ab169020e0b021b7d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9a60e2b643fbe1c60fc320bcef05c0f4

SHA1
a4b4eb968ec1805f7991f0abc9ba25fb84a3a8e6

SHA256
fade7af72b57dc7e9d44434db59c90d60318bedb1135821574abf047c0829921

SHA512
2d9506b58c7b7a378dc448c65d19607b053cb26ce6e2533059d226fa1bcd5dfd274cc5bca97babb7d9a023a73e1fd2a071280203ad1d97e4e8c28553bb5516fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
378533dee8e64c685b03fb9de984ba3a

SHA1
ba997a546fad1427bb357278af070e8927fb7e77

SHA256
01cbb3b0f33cee57b9174f5c82feb6bde43151804652398546a13764a5197f11

SHA512
09117b9e4cde5fb0fe0d75abe54b8434f70afdaa57004f583342f2a1cc71273523c444f510b8336c73da5290f80cb2fa057aa4a0ed0ef6dba804a45285bb0f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dbad493ab16fb7660e2435be42840d6e

SHA1
68e00f8dff00fc02e5b4b9c52c593d79dcb28728

SHA256
88b9d81c65451e51b38343463a51315cecf7c6c1be43d2f346b3d07e71588282

SHA512
a81605853a120729a1b116097e64b937424daed90b5e4a417393d36b221b1f535c6dcdabb58555af213f625eb8cb72f616cd3684b65a23407b285e2e24c55c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf788315.TMP

Filesize
4KB

MD5
7b3109b96bd4a57c8b62470ac790cd11

SHA1
ddcd9db98952f20c3a9823d112717033192d82bf

SHA256
addc641ee7b5a32ebed95478a9a0e87f32426c5e4d4b66fb8d01f6982a7bcc4b

SHA512
2f6011be59f69d0709cdff41d00aa9256ea57a972d0a43664ee1df40bb59f9bfd2b65f68285322e8ee621b50a65f7fb6790977c3a24d89510e7322475b83c64e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
74KB

MD5
6db1325bb62da63ebaa3f0051c3778a8

SHA1
ff1a22dbf27aa4b6cf25f0e9b71644b05992d553

SHA256
6764562e44ef35a4d43ab772e31de079fa9cdc26989cca9f1605ae2061afee10

SHA512
979075f79856a5593c8cbaa3d90da34ab5f74967ef8b60da35fafdcbd6d53c2a9d7bad0b5fcc7769dbe21e35f0677775aa20bc7af232d473c8a0cd741c2a29be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A43.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\Downloads\Sigma (2).zip

Filesize
58KB

MD5
0ba2d3a3cb7185c7111c565e039e9b52

SHA1
9381f3598acdc21136141674fbb7e05c9498dfb8

SHA256
8366f11f3df2673f21db892e6199c38055f7895dcc43f46ec3a03ed4ab94127c

SHA512
25252283281019fb75df4266ed9b9a669f678200856a0369580b4108bbb4cd220d22857f111b56393f49023b864333dd70a2309caa3049b6e9ed6dcf480e1b92

Download Submit
C:\Windows\mssecsvc.exe

Filesize
3.6MB

MD5
8bcc3517b17394c04e305a5a31fbb5d6

SHA1
8e789cf5b8d483691554d6315212b00fb0f2727f

SHA256
c5d66f91b1b6b9ff6be7ca61ed7989b02d753b182959878db5b5dac064444b4d

SHA512
5137ca1fb369ea7de967307f9038d098562b257f2f3a46fda69e0d8312253b5b61ef2848dae389ea59a9f75a56acab42956b82916690ba1d3f0ce10e3c7e77c9

Download Submit
C:\Windows\tasksche.exe

Filesize
3.4MB

MD5
f22c104bdced739dd330228c7818f972

SHA1
c79950f1e331f6d005e469843a6927e8d1bf641f

SHA256
0e4d85f35083e1dac36ed2533d945f4c1b81455241ac5b319680613d833e8b95

SHA512
87312affbfd18d35652f136480ff73cdc7e6933af46bcd2116603776fdc7ac57d38585459530d317d5ca2b2ae560e57ec426b70de9cfadc48625962d9aa022f0

Download Submit
memory/836-850-0x000000001B260000-0x000000001B542000-memory.dmp

Filesize
2.9MB

Download
memory/836-851-0x0000000001D70000-0x0000000001D78000-memory.dmp

Filesize
32KB

Download