vidar | hxxps://www[.]youtube[.]com/watch?v=J54hbgHWekE

General

Target

https://www.youtube.com/watch?v=J54hbgHWekE

Score

10^/10

vidar 754 stealer

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

754

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815

Attributes

profile_id
754

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Executes dropped EXE 2 IoCs

Processes:

Setup.exeSetup.exe

pid process

5340 Setup.exe
5996 Setup.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

Setup.exe

description pid process target process

PID 5340 set thread context of 5996 5340 Setup.exe Setup.exe

pid	process
5340	Setup.exe
5996	Setup.exe

description	pid	process	target process
PID 5340 set thread context of 5996	5340	Setup.exe	Setup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2386679933-1492765628-3466841596-1000\{585287CD-494E-4C9A-9D38-82FD1E3B96EE}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exetaskmgr.exe

pid	process
1748	chrome.exe
1748	chrome.exe
1848	chrome.exe
1848	chrome.exe
4840	chrome.exe
4840	chrome.exe
4052	chrome.exe
4052	chrome.exe
828	chrome.exe
828	chrome.exe
2600	chrome.exe
2600	chrome.exe
3532	chrome.exe
3532	chrome.exe
4832	chrome.exe
4832	chrome.exe
5552	chrome.exe
5552	chrome.exe
5628	chrome.exe
5628	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

Processes:

chrome.exe

pid	process
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

AUDIODG.EXE7zG.exe7zG.exetaskmgr.exe

description	pid	process
Token: 33	4564	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4564	AUDIODG.EXE
Token: SeRestorePrivilege	5840	7zG.exe
Token: 35	5840	7zG.exe
Token: SeSecurityPrivilege	5840	7zG.exe
Token: SeRestorePrivilege	5944	7zG.exe
Token: 35	5944	7zG.exe
Token: SeSecurityPrivilege	5944	7zG.exe
Token: SeSecurityPrivilege	5944	7zG.exe
Token: SeDebugPrivilege	5896	taskmgr.exe
Token: SeSystemProfilePrivilege	5896	taskmgr.exe
Token: SeCreateGlobalPrivilege	5896	taskmgr.exe

Suspicious use of FindShellTrayWindow 63 IoCs

Processes:

chrome.exe7zG.exe7zG.exetaskmgr.exe

pid	process
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
5840	7zG.exe
5944	7zG.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe

Suspicious use of SendNotifyMessage 38 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe
5896	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1848 wrote to memory of 1828	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 1828	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3652	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 1748	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 1748	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 2252	1848	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/watch?v=J54hbgHWekE
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4b754f50,0x7ffa4b754f60,0x7ffa4b754f70
2⤵
PID:1828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1648 /prefetch:2
2⤵
PID:3652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2016 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2296 /prefetch:8
2⤵
PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
2⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
2⤵
PID:4712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4336 /prefetch:8
2⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4620 /prefetch:8
2⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5400 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5848 /prefetch:8
2⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5328 /prefetch:8
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5868 /prefetch:8
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
PID:4304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
2⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
2⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:1224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
2⤵
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
2⤵
PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
2⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
2⤵
PID:4220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
2⤵
PID:5128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
2⤵
PID:5236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
2⤵
PID:5244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
2⤵
PID:5252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
2⤵
PID:5348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
2⤵
PID:5360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6980 /prefetch:8
2⤵
PID:5520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8680 /prefetch:8
2⤵
PID:5764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6368 /prefetch:8
2⤵
PID:5892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4316 /prefetch:8
2⤵
PID:5984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
2⤵
PID:6016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
2⤵
PID:6024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
2⤵
PID:6032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
2⤵
PID:6056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
2⤵
PID:6048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
2⤵
PID:6040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
2⤵
PID:5412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1
2⤵
PID:5532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
2⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
2⤵
PID:5564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
2⤵
PID:5604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
2⤵
PID:5584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
2⤵
PID:5588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
2⤵
PID:5592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8160 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
2⤵
PID:5852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,6780216042035112720,1517795618589589314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9400 /prefetch:8
2⤵
PID:4624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3872

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5704

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Installer\" -ad -an -ai#7zMap2541:80:7zEvent27482
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5840

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Installer\" -ad -an -ai#7zMap4927:80:7zEvent30268
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5944

C:\Users\Admin\Downloads\Installer\Installer\Setup.exe
"C:\Users\Admin\Downloads\Installer\Installer\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5340

C:\Users\Admin\Downloads\Installer\Installer\Setup.exe
"C:\Users\Admin\Downloads\Installer\Installer\Setup.exe"
2⤵
- Executes dropped EXE
PID:5996

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5896

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\Downloads\Installer.rar
Filesize
17.5MB

MD5
5bc14fdac037f5eec01797df21373dae

SHA1
396aa5ade5528c30b9e34fcae67febc5fe69d1c9

SHA256
5a870b7b2081d501f60ebce672ea9d0a752cd42bc8e882a9faf43b3853317667

SHA512
2387f9e1c2f717e5d1dbe7a08d041350e82275ed51051845e1c8e7cb5f92e47a3e1c59f792751f8c87844c72b24d1793b8347f51e8a150e27f48d03ac6f7815c

Download Submit
C:\Users\Admin\Downloads\Installer\Installer\Setup.exe
Filesize
723.8MB

MD5
6205813943f5662ecbdafc062dbd05ec

SHA1
9b31ec336bf8e929932f9d3645d501a7926f02a7

SHA256
b23296f13d792abc553ced016811e61c82e56a21e63a2e5f625e912a5e744f1f

SHA512
fba27830f985524a2fa4b252c7681cff9cc4ee4cc5a677e7d1c4560fbc0046d7156fc301fec7f7d739a532080e04826346e939df4b6885592b9e179fbe87e8e3

Download Submit
C:\Users\Admin\Downloads\Installer\Installer\Setup.exe
Filesize
723.8MB

MD5
6205813943f5662ecbdafc062dbd05ec

SHA1
9b31ec336bf8e929932f9d3645d501a7926f02a7

SHA256
b23296f13d792abc553ced016811e61c82e56a21e63a2e5f625e912a5e744f1f

SHA512
fba27830f985524a2fa4b252c7681cff9cc4ee4cc5a677e7d1c4560fbc0046d7156fc301fec7f7d739a532080e04826346e939df4b6885592b9e179fbe87e8e3

Download Submit
C:\Users\Admin\Downloads\Installer\Installer\Setup.exe
Filesize
376.1MB

MD5
f4b32200e34184eb92c5cd03cd33d39e

SHA1
661ed02e6c0ff4bf43ef0a0574b546246736065a

SHA256
65a5265ad2f8399fc8bb00f73b799b7dcdf81d8b2cadcd9717ded5f6bd0e1d7a

SHA512
96629b926d574473e1afe6af97ec37fe14da717e85e3ed8c6736772da8cc27fe86db1a6a4ff5f3c513e3453bcf9678620ee7483a5385e6a14e94887c3cf89602

Download Submit
\??\pipe\crashpad_1848_AWZOLQVFVBYPZDGL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5340-141-0x00000000059F0000-0x00000000059FA000-memory.dmp

Filesize
40KB

Download
memory/5340-140-0x0000000005820000-0x00000000058B2000-memory.dmp

Filesize
584KB

Download
memory/5340-139-0x0000000005D30000-0x00000000062D4000-memory.dmp

Filesize
5.6MB

Download
memory/5340-142-0x0000000003010000-0x00000000030AC000-memory.dmp

Filesize
624KB

Download
memory/5340-138-0x0000000000EC0000-0x0000000000F9A000-memory.dmp

Filesize
872KB

Download
memory/5996-143-0x0000000000000000-mapping.dmp

Download
memory/5996-144-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/5996-146-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/5996-147-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/5996-148-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/5996-149-0x0000000060900000-0x0000000060992000-memory.dmp

Filesize
584KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads