6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639

Analysis

max time kernel
150s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 03:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
Size

29KB
MD5

0701fbc99dad965d1ab22853b0d8f9b6
SHA1

e45c77895880af26f88edc1fcd4563c495616a40
SHA256

6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639
SHA512

85eee0fac51f84e2a3fcdf2d8a735c16d1bdc8f591cbe695ec0ae3beb8f5bf1d524df2725115d9cf657e0c58d6e32968e15f35776db94296b459551d7140817b
SSDEEP

384:sbbPuKaS80Nat1Gt5M0zhIV/DZ3KZp7JcTO4yf9Knuf2MqlUV2V9wVfUnfRqOzG4:40Hht16GVRu1yK9fMnJG2V9dHS8

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\X:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\W:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\T:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\I:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\F:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\E:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\V:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\U:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\S:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\K:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\P:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\O:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\M:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\L:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\H:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\Z:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\R:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\Q:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\N:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\J:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened (read-only)	\??\G:	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\fr-FR\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lt\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files\Microsoft Games\Minesweeper\de-DE\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\WMPDMC.exe	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\de-DE\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\af\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\de-DE\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Microsoft Games\Purble Place\de-DE\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Windows Mail\en-US\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Google\Update\Offline\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File created	C:\Program Files\Google\Chrome\Application\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
File opened for modification	C:\Program Files\Microsoft Games\Minesweeper\it-IT\_desktop.ini	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 1956	1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe	28
PID 1636 wrote to memory of 1956	1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe	28
PID 1636 wrote to memory of 1956	1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe	28
PID 1636 wrote to memory of 1956	1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe	28
PID 1956 wrote to memory of 1724	1956	net.exe	30
PID 1956 wrote to memory of 1724	1956	net.exe	30
PID 1956 wrote to memory of 1724	1956	net.exe	30
PID 1956 wrote to memory of 1724	1956	net.exe	30
PID 1636 wrote to memory of 1196	1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe	12
PID 1636 wrote to memory of 1196	1636	6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe	12

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1196
- C:\Users\Admin\AppData\Local\Temp\6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe
  "C:\Users\Admin\AppData\Local\Temp\6fdf0d28d1e4bfbfa499deb22ae05f532ac22b0a6cdf3e929dc7dc8da089e639.exe"
  2⤵
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Windows\SysWOW64\net.exe
    net stop "Kingsoft AntiVirus Service"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      4⤵
      PID:1724

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1636-56-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1636-57-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download