8ff3bb89a9a056079696e05263533821687633620b1f63577e81ca9d8fd8d257

Analysis

max time kernel
41s
max time network
117s
platform
windows10_x64
resource
win10v20210410
submitted
22-07-2021 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QIAGEN Products Screensaver 1.2.3.scr
Size

68.6MB
MD5

dca1aac11e665c514f76a6c40bba0c2c
SHA1

12de9458d9745ee95c50facb135eee7b32aaaaef
SHA256

8ff3bb89a9a056079696e05263533821687633620b1f63577e81ca9d8fd8d257
SHA512

ccfe9adbce515f1ebcbccfb616f69114532598aa59767ad6b847d7d4283f14a8b063be175ca7e632e53876ea1ca90ff977261ee8b6c168c59426e999b02760db

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

QIAGEN Products Screensaver.exeQIAGEN Products Screensaver.exeQIAGEN Products Screensaver.exeQIAGEN Products Screensaver.exe

pid	process
3748	QIAGEN Products Screensaver.exe
3852	QIAGEN Products Screensaver.exe
1800	QIAGEN Products Screensaver.exe
508	QIAGEN Products Screensaver.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

QIAGEN Products Screensaver.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Control Panel\International\Geo\Nation	QIAGEN Products Screensaver.exe

Loads dropped DLL 10 IoCs

Processes:

QIAGEN Products Screensaver 1.2.3.scrQIAGEN Products Screensaver.exeQIAGEN Products Screensaver.exeQIAGEN Products Screensaver.exeQIAGEN Products Screensaver.exe

pid	process
1628	QIAGEN Products Screensaver 1.2.3.scr
1628	QIAGEN Products Screensaver 1.2.3.scr
1628	QIAGEN Products Screensaver 1.2.3.scr
3748	QIAGEN Products Screensaver.exe
3852	QIAGEN Products Screensaver.exe
1800	QIAGEN Products Screensaver.exe
508	QIAGEN Products Screensaver.exe
3852	QIAGEN Products Screensaver.exe
3852	QIAGEN Products Screensaver.exe
3852	QIAGEN Products Screensaver.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

QIAGEN Products Screensaver.exeQIAGEN Products Screensaver.exe

pid process

1800 QIAGEN Products Screensaver.exe
1800 QIAGEN Products Screensaver.exe
508 QIAGEN Products Screensaver.exe
508 QIAGEN Products Screensaver.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

QIAGEN Products Screensaver 1.2.3.scr

description pid process

Token: SeSecurityPrivilege 1628 QIAGEN Products Screensaver 1.2.3.scr
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

QIAGEN Products Screensaver.exe

pid process

3748 QIAGEN Products Screensaver.exe

pid	process
1800	QIAGEN Products Screensaver.exe
1800	QIAGEN Products Screensaver.exe
508	QIAGEN Products Screensaver.exe
508	QIAGEN Products Screensaver.exe

description	pid	process
Token: SeSecurityPrivilege	1628	QIAGEN Products Screensaver 1.2.3.scr

Suspicious use of WriteProcessMemory 46 IoCs

Processes:

QIAGEN Products Screensaver 1.2.3.scrQIAGEN Products Screensaver.exe

C:\Users\Admin\AppData\Local\Temp\QIAGEN Products Screensaver 1.2.3.scr
"C:\Users\Admin\AppData\Local\Temp\QIAGEN Products Screensaver 1.2.3.scr" /S
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1628

C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe
"C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe" /S
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3748

C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe
"C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe" --type=gpu-process --field-trial-handle=1764,10156403938653225229,142218436470598665,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1760 --ignored=" --type=renderer " /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3852

C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe
"C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe" --type=utility --field-trial-handle=1764,10156403938653225229,142218436470598665,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1800 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1800

C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe
"C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe" --type=renderer --field-trial-handle=1764,10156403938653225229,142218436470598665,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\resources\app.asar" --node-integration --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:508

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\D3DCompiler_47.dll
MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe
MD5
2a1495eaab7f7abc8849281e07a528d5

SHA1
019fa44fa7df629c943f28040d44102901de4f33

SHA256
9d388c8e21402a6cc5c442bf72b283533c5fd96424d0a6cbbc6ed0b57be6373d

SHA512
3a6f28616a3ce8bfe7140058eb57afd80f799ff89452e66a93f4bceb04f389fd73049aee4fc4ff22df6f772f727ae78e8f6b7c29efdc99704438de608f3d71e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe
MD5
2a1495eaab7f7abc8849281e07a528d5

SHA1
019fa44fa7df629c943f28040d44102901de4f33

SHA256
9d388c8e21402a6cc5c442bf72b283533c5fd96424d0a6cbbc6ed0b57be6373d

SHA512
3a6f28616a3ce8bfe7140058eb57afd80f799ff89452e66a93f4bceb04f389fd73049aee4fc4ff22df6f772f727ae78e8f6b7c29efdc99704438de608f3d71e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe
MD5
2a1495eaab7f7abc8849281e07a528d5

SHA1
019fa44fa7df629c943f28040d44102901de4f33

SHA256
9d388c8e21402a6cc5c442bf72b283533c5fd96424d0a6cbbc6ed0b57be6373d

SHA512
3a6f28616a3ce8bfe7140058eb57afd80f799ff89452e66a93f4bceb04f389fd73049aee4fc4ff22df6f772f727ae78e8f6b7c29efdc99704438de608f3d71e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe
MD5
2a1495eaab7f7abc8849281e07a528d5

SHA1
019fa44fa7df629c943f28040d44102901de4f33

SHA256
9d388c8e21402a6cc5c442bf72b283533c5fd96424d0a6cbbc6ed0b57be6373d

SHA512
3a6f28616a3ce8bfe7140058eb57afd80f799ff89452e66a93f4bceb04f389fd73049aee4fc4ff22df6f772f727ae78e8f6b7c29efdc99704438de608f3d71e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\QIAGEN Products Screensaver.exe
MD5
2a1495eaab7f7abc8849281e07a528d5

SHA1
019fa44fa7df629c943f28040d44102901de4f33

SHA256
9d388c8e21402a6cc5c442bf72b283533c5fd96424d0a6cbbc6ed0b57be6373d

SHA512
3a6f28616a3ce8bfe7140058eb57afd80f799ff89452e66a93f4bceb04f389fd73049aee4fc4ff22df6f772f727ae78e8f6b7c29efdc99704438de608f3d71e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\chrome_100_percent.pak
MD5
3ff806f44723cee528a1aaee4d3a289e

SHA1
56830e7ff31f803077aed774fafebd4e6c5e6c90

SHA256
65cb11d090b32e0fb3c740a736c13c0a47cb1bcb265c084e3de5bb7474fb662f

SHA512
03dafb839308d644a9943ba66838536fbd1f606cafe392f90925ce51766b5e3a9064d60ca8463bacf7238258beded570d5a0007f3ce11c14f87b10faa2da2977

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\chrome_200_percent.pak
MD5
bd66e8de6979dfe12cbaa29390d11a64

SHA1
967916eb7587f0163fbce50c7b4822d06e939d5a

SHA256
cd584f20aeed80fe5852d5d5656a12d25d9116d6b805ddbec3874d310925df2a

SHA512
f77bd5004d8da54e8588ffcf6962b3244b8e4a9f6310d31f0c7c44d913504577c9e3fb858078705c384649fbcf26223d8f98dd02778e259a8924028f2be3bc1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\ffmpeg.dll
MD5
55d0ee8b79b4880ae99ba40866a9e752

SHA1
d7767783369fb8587be628f3f607330f6711b1d9

SHA256
e0598600de38a4e8bcff5f76b611c276c6f98c67e3f41d4a18de05fdb3ad2a7d

SHA512
d0292b9be1b22f1eb3d74a2d923cf888e6cac9bf5bf70d005553bf832ba7879be5f5675d8b98ec4967c54f0c30aea205f2b3e5d51ba065be35f372b9b53125e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\icudtl.dat
MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\locales\en-US.pak
MD5
a2201115723fd61d1e68ab001e6cdca0

SHA1
a97073e22adf7b300e702e717743cd249e64b4fb

SHA256
3333cf1fb2b0c15ea819787ba672d2274f3136e6a8729f2e5d2796b740688183

SHA512
e68c451602a0c2cd47ee3652daf1d74d87e6e61ebda9166cbb182301f03118b72288968695f85a1bcdefb45e4753ba7187dd5159b6694952f33238af39d89479

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\resources.pak
MD5
8a29a2f87172f5b585daaddebc7851ac

SHA1
a7d9d3ccc15f3cf1251153f8bf988751b21b5cd7

SHA256
6dd0d5d015e3a3d1d37101e172aa337bfd50e2518467911979427d874b4358da

SHA512
b98e809f3242f8ebddb1e3e8afd2357c6a36d886543584ec165ea884f8ee8da393c70899f44a3dc966dec933f244becefbf19252896c6de40efb525bac2e6da0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\resources\app.asar
MD5
0069172f7c602373d85644931fdc3bed

SHA1
64ebbbe23a6855567a01eab3a5a54e34df57f89c

SHA256
7da606b4172229218eaa851e1a4db1b84221294e727628867fbfcb7517588ef5

SHA512
b90637f6d0696c7355a7263f24ec5b0c7ce4d29ae8110f2f22d11fafd2566d14eae0f87a2356eea1e728139386ce408e115b608a11c5d847e0a838dc5e7a2919

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\swiftshader\libegl.dll
MD5
4437cc4fffee361ce6617d8647cd2201

SHA1
34c68b474743f1e1c8bdfab30133c5e5a22315ab

SHA256
ea38c6ddf6ab8307d6440b65a7736defa6140b549ba7573cb9f54fd251713896

SHA512
0dc9be64e6678b2f4c65215c015a3f223e7ca85c626ca483eb5dfdd2f1c3316b071031a0b5590dc06e089142f8b6f82940d53cccd39e1de1afeab0f51b145488

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\swiftshader\libglesv2.dll
MD5
eef0ab30af61551942a27ad5c560b63b

SHA1
c27322f04a956f3a0f4f8440875103eee3380a9c

SHA256
1bf816c8b8705419080ffdd083713c8ff506fa4555b5ca6da1fec967c7f47cde

SHA512
96c9c4311d02582d789680f89635fd1c81eb2206faa1dc8b983f5ec5e02ce5e645500cceacfea3bae17055abadd46217efc8aecb4dd6c7c18ac40de56f54bfa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\v8_context_snapshot.bin
MD5
059c46a6c2a64b3c787d1479cd1e28a6

SHA1
93ab53fd9ffa4822a7c2bf33b3248863bef1abef

SHA256
172d37f02295e53a548907baac6eb33b3c2acaa49c1008bae27acf3a1a0d1c1a

SHA512
aec0893b15e3df8c459b3d3c4710d8b0df6809f10dd3138ac0abbee1abe58743a47a31a46c327b8724a34de54b465dc6dfc24d458242cbf335dfa5805dc8a774

Download Submit
\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\d3dcompiler_47.dll
MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\ffmpeg.dll
MD5
55d0ee8b79b4880ae99ba40866a9e752

SHA1
d7767783369fb8587be628f3f607330f6711b1d9

SHA256
e0598600de38a4e8bcff5f76b611c276c6f98c67e3f41d4a18de05fdb3ad2a7d

SHA512
d0292b9be1b22f1eb3d74a2d923cf888e6cac9bf5bf70d005553bf832ba7879be5f5675d8b98ec4967c54f0c30aea205f2b3e5d51ba065be35f372b9b53125e7

Download Submit
\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\ffmpeg.dll
MD5
55d0ee8b79b4880ae99ba40866a9e752

SHA1
d7767783369fb8587be628f3f607330f6711b1d9

SHA256
e0598600de38a4e8bcff5f76b611c276c6f98c67e3f41d4a18de05fdb3ad2a7d

SHA512
d0292b9be1b22f1eb3d74a2d923cf888e6cac9bf5bf70d005553bf832ba7879be5f5675d8b98ec4967c54f0c30aea205f2b3e5d51ba065be35f372b9b53125e7

Download Submit
\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\ffmpeg.dll
MD5
55d0ee8b79b4880ae99ba40866a9e752

SHA1
d7767783369fb8587be628f3f607330f6711b1d9

SHA256
e0598600de38a4e8bcff5f76b611c276c6f98c67e3f41d4a18de05fdb3ad2a7d

SHA512
d0292b9be1b22f1eb3d74a2d923cf888e6cac9bf5bf70d005553bf832ba7879be5f5675d8b98ec4967c54f0c30aea205f2b3e5d51ba065be35f372b9b53125e7

Download Submit
\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\ffmpeg.dll
MD5
55d0ee8b79b4880ae99ba40866a9e752

SHA1
d7767783369fb8587be628f3f607330f6711b1d9

SHA256
e0598600de38a4e8bcff5f76b611c276c6f98c67e3f41d4a18de05fdb3ad2a7d

SHA512
d0292b9be1b22f1eb3d74a2d923cf888e6cac9bf5bf70d005553bf832ba7879be5f5675d8b98ec4967c54f0c30aea205f2b3e5d51ba065be35f372b9b53125e7

Download Submit
\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\swiftshader\libEGL.dll
MD5
4437cc4fffee361ce6617d8647cd2201

SHA1
34c68b474743f1e1c8bdfab30133c5e5a22315ab

SHA256
ea38c6ddf6ab8307d6440b65a7736defa6140b549ba7573cb9f54fd251713896

SHA512
0dc9be64e6678b2f4c65215c015a3f223e7ca85c626ca483eb5dfdd2f1c3316b071031a0b5590dc06e089142f8b6f82940d53cccd39e1de1afeab0f51b145488

Download Submit
\Users\Admin\AppData\Local\Temp\1gMZwtCReWhKzInjuQK4Z2fBSS1\swiftshader\libGLESv2.dll
MD5
eef0ab30af61551942a27ad5c560b63b

SHA1
c27322f04a956f3a0f4f8440875103eee3380a9c

SHA256
1bf816c8b8705419080ffdd083713c8ff506fa4555b5ca6da1fec967c7f47cde

SHA512
96c9c4311d02582d789680f89635fd1c81eb2206faa1dc8b983f5ec5e02ce5e645500cceacfea3bae17055abadd46217efc8aecb4dd6c7c18ac40de56f54bfa3

Download Submit
\Users\Admin\AppData\Local\Temp\nsp20EC.tmp\StdUtils.dll
MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsp20EC.tmp\System.dll
MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsp20EC.tmp\nsis7z.dll
MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/508-144-0x0000000000000000-mapping.dmp

Download
memory/1800-136-0x0000000000000000-mapping.dmp

Download
memory/3748-117-0x0000000000000000-mapping.dmp

Download
memory/3852-135-0x00007FF9F5DF0000-0x00007FF9F5DF1000-memory.dmp

Filesize
4KB

Download
memory/3852-133-0x0000000000000000-mapping.dmp

Download

description	pid	process	target process
PID 1628 wrote to memory of 3748	1628	QIAGEN Products Screensaver 1.2.3.scr	QIAGEN Products Screensaver.exe
PID 1628 wrote to memory of 3748	1628	QIAGEN Products Screensaver 1.2.3.scr	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 3852	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 1800	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 1800	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 508	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe
PID 3748 wrote to memory of 508	3748	QIAGEN Products Screensaver.exe	QIAGEN Products Screensaver.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads