add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c

Analysis

max time kernel
149s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2022 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Size

4.1MB
MD5

d0b657207164df01528ffb1851846b35
SHA1

0d5041c2a203d0984c71645e24696769aaaa768e
SHA256

add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c
SHA512

b9d80c1d7ac59f6c73ca056213fbd92d03d7ffa15756a76d5c7976a191599d80e45bcaf4b6b415bacd47c216535f6ec9ab2288d9dbcaad82685b3be6405d049d
SSDEEP

98304:NAlWdUHfseXpq5HXf9TIXgFzcSTBb2Bv+4/sv3PnPonY56AR4KDhkszsw:mcS/YhP9TIXUHBqZ7k/PgyZRp9kvw

Score

10^/10

evasion

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4448 created 4992	4448	svchost.exe	83

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Modify Existing Service

T1031

pid	Process
4756	netsh.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1344	4992	WerFault.exe	83

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-82 = "Atlantic Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-449 = "Azerbaijan Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-682 = "E. Australia Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2391 = "Aleutian Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-402 = "Arabic Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-511 = "Central Asia Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-721 = "Central Pacific Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2432 = "Cuba Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2181 = "Astrakhan Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-151 = "Central America Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-12 = "Azores Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2002 = "Cabo Verde Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-152 = "Central America Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-105 = "Central Brazilian Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-411 = "E. Africa Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-341 = "Egypt Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2162 = "Altai Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-448 = "Azerbaijan Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-451 = "Caucasus Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-332 = "E. Europe Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-841 = "Argentina Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2001 = "Cabo Verde Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-672 = "AUS Eastern Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-1661 = "Bahia Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-1972 = "Belarus Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-512 = "Central Asia Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-104 = "Central Brazilian Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-161 = "Central Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-222 = "Alaskan Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2392 = "Aleutian Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2531 = "Chatham Islands Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-252 = "Dateline Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2612 = "Bougainville Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-331 = "E. Europe Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-111 = "Eastern Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-441 = "Arabian Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-651 = "AUS Central Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2042 = "Eastern Standard Time (Mexico)"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-342 = "Egypt Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2161 = "Altai Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-282 = "Central Europe Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-842 = "Argentina Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2492 = "Aus Central W. Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2491 = "Aus Central W. Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-1021 = "Bangladesh Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2611 = "Bougainville Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-171 = "Central Daylight Time (Mexico)"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-462 = "Afghanistan Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-392 = "Arab Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-292 = "Central European Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-142 = "Canada Central Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-141 = "Canada Central Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-1662 = "Bahia Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-291 = "Central European Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-442 = "Arabian Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-81 = "Atlantic Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-162 = "Central Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-172 = "Central Standard Time (Mexico)"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-42 = "E. South America Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-112 = "Eastern Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-461 = "Afghanistan Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2182 = "Astrakhan Standard Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-571 = "China Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-251 = "Dateline Daylight Time"	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4992	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
4992	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4992	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Token: SeImpersonatePrivilege	4992	add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
Token: SeTcbPrivilege	4448	svchost.exe
Token: SeTcbPrivilege	4448	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 3508	4448	svchost.exe	99
PID 4448 wrote to memory of 3508	4448	svchost.exe	99
PID 4448 wrote to memory of 3508	4448	svchost.exe	99

C:\Users\Admin\AppData\Local\Temp\add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
"C:\Users\Admin\AppData\Local\Temp\add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4992
- C:\Users\Admin\AppData\Local\Temp\add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe
  "C:\Users\Admin\AppData\Local\Temp\add306fcfce303f761242eab1638db69a921576d1a0d45014d7402d12980087c.exe"
  2⤵
  - Modifies data under HKEY_USERS
  PID:3508
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:2072
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:4756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 956
  2⤵
  - Program crash
  PID:1344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4992 -ip 4992
1⤵
PID:1820

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2072-137-0x0000000000000000-mapping.dmp

Download
memory/3508-135-0x0000000000000000-mapping.dmp

Download
memory/3508-139-0x0000000002892000-0x0000000002C7B000-memory.dmp

Filesize
3.9MB

Download
memory/3508-140-0x0000000000400000-0x0000000000C91000-memory.dmp

Filesize
8.6MB

Download
memory/4756-138-0x0000000000000000-mapping.dmp

Download
memory/4992-132-0x0000000002BFF000-0x0000000002FE8000-memory.dmp

Filesize
3.9MB

Download
memory/4992-133-0x0000000002FF0000-0x0000000003866000-memory.dmp

Filesize
8.5MB

Download
memory/4992-134-0x0000000000400000-0x0000000000C91000-memory.dmp

Filesize
8.6MB

Download
memory/4992-136-0x0000000000400000-0x0000000000C91000-memory.dmp

Filesize
8.6MB

Download