hxxps://youtube[.]com

General

Target

https://youtube.com

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 4 IoCs

Processes:

scripthack_43.exeGenericSetup.exescripthack_43.exeGenericSetup.exe

pid process

4696 scripthack_43.exe
4736 GenericSetup.exe
5016 scripthack_43.exe
5044 GenericSetup.exe
Loads dropped DLL 1 IoCs

Processes:

GenericSetup.exe

pid process

4736 GenericSetup.exe

pid	process
4696	scripthack_43.exe
4736	GenericSetup.exe
5016	scripthack_43.exe
5044	GenericSetup.exe

pid	process
4736	GenericSetup.exe

Checks for any installed AV software in registry 1 TTPs 8 IoCs

Security Software Discovery

T1063

Processes:

GenericSetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	GenericSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

unregmp2.exe

description	ioc	process
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\F:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3048 5044 WerFault.exe GenericSetup.exe

pid	pid_target	process	target process
3048	5044	WerFault.exe	GenericSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

3656 taskkill.exe
4688 taskkill.exe

pid	process
3656	taskkill.exe
4688	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{047A7691-59B1-11EC-876A-F22DA63300E1} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

GenericSetup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	GenericSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	GenericSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	GenericSetup.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 49 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exeGenericSetup.exechrome.exeGenericSetup.exe

pid	process
372	chrome.exe
372	chrome.exe
872	chrome.exe
872	chrome.exe
3788	chrome.exe
3788	chrome.exe
2776	chrome.exe
2776	chrome.exe
3892	chrome.exe
3892	chrome.exe
3360	chrome.exe
3360	chrome.exe
1520	chrome.exe
1520	chrome.exe
1856	chrome.exe
1856	chrome.exe
3664	chrome.exe
3664	chrome.exe
4148	chrome.exe
4148	chrome.exe
4660	chrome.exe
4660	chrome.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
5044	GenericSetup.exe
5044	GenericSetup.exe
5044	GenericSetup.exe
5044	GenericSetup.exe
5044	GenericSetup.exe
5044	GenericSetup.exe
5044	GenericSetup.exe
5044	GenericSetup.exe
5044	GenericSetup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

chrome.exe

pid process

872 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

Processes:

chrome.exe

pid	process
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

unregmp2.exeGenericSetup.exeGenericSetup.exeWerFault.exe

description	pid	process
Token: SeShutdownPrivilege	2960	unregmp2.exe
Token: SeCreatePagefilePrivilege	2960	unregmp2.exe
Token: SeDebugPrivilege	4736	GenericSetup.exe
Token: SeDebugPrivilege	5044	GenericSetup.exe
Token: SeRestorePrivilege	3048	WerFault.exe
Token: SeBackupPrivilege	3048	WerFault.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeiexplore.exe

pid	process
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
3856	iexplore.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

iexplore.exeIEXPLORE.EXEGenericSetup.exe

pid process

3856 iexplore.exe
3856 iexplore.exe
1244 IEXPLORE.EXE
1244 IEXPLORE.EXE
4736 GenericSetup.exe

pid	process
3856	iexplore.exe
3856	iexplore.exe
1244	IEXPLORE.EXE
1244	IEXPLORE.EXE
4736	GenericSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exewmplayer.exechrome.exeunregmp2.exe

description	pid	process	target process
PID 3856 wrote to memory of 1244	3856	iexplore.exe	IEXPLORE.EXE
PID 3856 wrote to memory of 1244	3856	iexplore.exe	IEXPLORE.EXE
PID 3856 wrote to memory of 1244	3856	iexplore.exe	IEXPLORE.EXE
PID 2208 wrote to memory of 3228	2208	wmplayer.exe	setup_wm.exe
PID 2208 wrote to memory of 3228	2208	wmplayer.exe	setup_wm.exe
PID 2208 wrote to memory of 3228	2208	wmplayer.exe	setup_wm.exe
PID 2208 wrote to memory of 420	2208	wmplayer.exe	unregmp2.exe
PID 2208 wrote to memory of 420	2208	wmplayer.exe	unregmp2.exe
PID 2208 wrote to memory of 420	2208	wmplayer.exe	unregmp2.exe
PID 872 wrote to memory of 1920	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 1920	872	chrome.exe	chrome.exe
PID 420 wrote to memory of 2960	420	unregmp2.exe	unregmp2.exe
PID 420 wrote to memory of 2960	420	unregmp2.exe	unregmp2.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 2096	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 372	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 372	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 1712	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 1712	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 1712	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 1712	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 1712	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 1712	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 1712	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 1712	872	chrome.exe	chrome.exe
PID 872 wrote to memory of 1712	872	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://youtube.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3856

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3856 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1244

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2208

C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
2⤵
PID:3228

C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
2⤵
- Suspicious use of WriteProcessMemory
PID:420

C:\Windows\System32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8d9e74f50,0x7ff8d9e74f60,0x7ff8d9e74f70
2⤵
PID:1920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1500 /prefetch:2
2⤵
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1872 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 /prefetch:8
2⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
2⤵
PID:3328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
2⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
2⤵
PID:1748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4200 /prefetch:8
2⤵
PID:3788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4372 /prefetch:8
2⤵
PID:3804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4196 /prefetch:8
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4760 /prefetch:8
2⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4904 /prefetch:8
2⤵
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4900 /prefetch:8
2⤵
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4808 /prefetch:8
2⤵
PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
2⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4324 /prefetch:8
2⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4328 /prefetch:8
2⤵
PID:696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4304 /prefetch:8
2⤵
PID:3000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4548 /prefetch:8
2⤵
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3536 /prefetch:8
2⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4668 /prefetch:8
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5804 /prefetch:8
2⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5948 /prefetch:8
2⤵
PID:4028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
2⤵
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5816 /prefetch:8
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6468 /prefetch:8
2⤵
PID:3276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6616 /prefetch:8
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6872 /prefetch:8
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6728 /prefetch:8
2⤵
PID:1196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
2⤵
PID:808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1404 /prefetch:1
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
2⤵
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
2⤵
PID:3672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
2⤵
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3328 /prefetch:8
2⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
2⤵
PID:788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6072 /prefetch:8
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5664 /prefetch:8
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
2⤵
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1540 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5856 /prefetch:8
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
2⤵
PID:3672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
2⤵
PID:584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
2⤵
PID:588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 /prefetch:8
2⤵
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4208 /prefetch:8
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5780 /prefetch:8
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4480 /prefetch:8
2⤵
PID:4192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
2⤵
PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
2⤵
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6224 /prefetch:8
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4648 /prefetch:8
2⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4236 /prefetch:8
2⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5520 /prefetch:8
2⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4348 /prefetch:8
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
2⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4660

C:\Users\Admin\Downloads\scripthack_43.exe
"C:\Users\Admin\Downloads\scripthack_43.exe"
2⤵
- Executes dropped EXE
PID:4696

C:\Users\Admin\AppData\Local\Temp\7zS8525CBB7\GenericSetup.exe
.\GenericSetup.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4736

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\zhuykc5o.f2j.exe" /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL /NORESTART"
4⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\zhuykc5o.f2j.exe
"C:\Users\Admin\AppData\Local\Temp\zhuykc5o.f2j.exe" /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL /NORESTART
5⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\is-5J374.tmp\zhuykc5o.f2j.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5J374.tmp\zhuykc5o.f2j.tmp" /SL5="$40224,4511977,830464,C:\Users\Admin\AppData\Local\Temp\zhuykc5o.f2j.exe" /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL /NORESTART
6⤵
PID:4480

C:\Users\Admin\AppData\Local\Programs\Walliant\walliant.exe
"C:\Users\Admin\AppData\Local\Programs\Walliant\walliant.exe"
7⤵
PID:4432

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\2zxek4ol.3gj.exe" /verysilent"
4⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\2zxek4ol.3gj.exe
"C:\Users\Admin\AppData\Local\Temp\2zxek4ol.3gj.exe" /verysilent
5⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\is-JRFLP.tmp\2zxek4ol.3gj.tmp
"C:\Users\Admin\AppData\Local\Temp\is-JRFLP.tmp\2zxek4ol.3gj.tmp" /SL5="$A0062,32312365,887296,C:\Users\Admin\AppData\Local\Temp\2zxek4ol.3gj.exe" /verysilent
6⤵
PID:4488

C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c "net stop luminati_net_updater_win_vidd_ly"
7⤵
PID:4804

C:\Windows\system32\net.exe
net stop luminati_net_updater_win_vidd_ly
8⤵
PID:3196

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop luminati_net_updater_win_vidd_ly
9⤵
PID:3360

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Viddly.exe
7⤵
- Kills process with taskkill
PID:3656

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im YouTubeDownloader.exe
7⤵
- Kills process with taskkill
PID:4688

C:\Users\Admin\Downloads\scripthack_43.exe
"C:\Users\Admin\Downloads\scripthack_43.exe"
2⤵
- Executes dropped EXE
PID:5016

C:\Users\Admin\AppData\Local\Temp\7zS89360F58\GenericSetup.exe
.\GenericSetup.exe
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 2664
4⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6840 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4160 /prefetch:8
2⤵
PID:4176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
2⤵
PID:3272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,6345406595585114597,6764654356656175045,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
2⤵
PID:4152

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Install Root Certificate

1

T1130

Credential Access

Discovery

Security Software Discovery

1

T1063

Query Registry

3

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wmsetup.log
MD5
de873b2af5cf8fbeee6f81f536910da0

SHA1
4a67bd2623eb3f374f824ecc90d36bd0c3ed537f

SHA256
d0afeb35d3b766ca3d5828af67382d6072b350f683bc946839994104212cdfa9

SHA512
86f9b72a8ee062a10b606a3ccd9e4ea39f861eddae62fdc782cff38d94b2bea0de4104e3e66b7246c2d8a77d9fab0e18bc547a212728c3feeb1a39af0713f4ff

Download Submit
\??\pipe\crashpad_872_GSBIRAIPNBGLOUZF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/420-159-0x0000000000000000-mapping.dmp

Download
memory/1244-140-0x0000000000000000-mapping.dmp

Download
memory/2960-180-0x000002522EAE0000-0x000002522EAE2000-memory.dmp

Filesize
8KB

Download
memory/2960-169-0x000002522EAE0000-0x000002522EAE2000-memory.dmp

Filesize
8KB

Download
memory/2960-168-0x000002522EAE0000-0x000002522EAE2000-memory.dmp

Filesize
8KB

Download
memory/2960-160-0x0000000000000000-mapping.dmp

Download
memory/3196-237-0x0000000000000000-mapping.dmp

Download
memory/3228-158-0x0000000000000000-mapping.dmp

Download
memory/3360-238-0x0000000000000000-mapping.dmp

Download
memory/3656-235-0x0000000000000000-mapping.dmp

Download
memory/3856-135-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-121-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-132-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-133-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-115-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-136-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-137-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-138-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-128-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-141-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-142-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-144-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-145-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-147-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-149-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-150-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-151-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-155-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-156-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-157-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-129-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-127-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-125-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-124-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-162-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-123-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-122-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-131-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-171-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-172-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-120-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-116-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-117-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/3856-119-0x00007FF8E20C0000-0x00007FF8E212B000-memory.dmp

Filesize
428KB

Download
memory/4200-217-0x0000000000000000-mapping.dmp

Download
memory/4376-224-0x0000000000000000-mapping.dmp

Download
memory/4424-221-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4424-218-0x0000000000000000-mapping.dmp

Download
memory/4432-232-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/4432-229-0x0000000000000000-mapping.dmp

Download
memory/4464-225-0x0000000000000000-mapping.dmp

Download
memory/4464-228-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/4480-222-0x0000000000000000-mapping.dmp

Download
memory/4480-223-0x0000000000A00000-0x0000000000A01000-memory.dmp

Filesize
4KB

Download
memory/4488-231-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/4488-230-0x0000000000000000-mapping.dmp

Download
memory/4688-236-0x0000000000000000-mapping.dmp

Download
memory/4696-182-0x0000000000000000-mapping.dmp

Download
memory/4736-184-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/4736-189-0x00000000066E0000-0x00000000066E1000-memory.dmp

Filesize
4KB

Download
memory/4736-183-0x0000000000000000-mapping.dmp

Download
memory/4804-234-0x0000000000000000-mapping.dmp

Download
memory/5016-200-0x0000000000000000-mapping.dmp

Download
memory/5044-210-0x00000000065B0000-0x00000000065B1000-memory.dmp

Filesize
4KB

Download
memory/5044-201-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads