Overview (overview): 10
Static (static): 10
- 123.exe (windows7-x64): 1
- 123.exe (windows10-2004-x64): 1
- 360sb.exe (windows7-x64): 10
- 360sb.exe (windows10-2004-x64): 10
- 7000.32 (ubuntu-18.04-amd64): 1
- 7000.64 (ubuntu-18.04-amd64): 7
- Linux577 (ubuntu-18.04-amd64): 8
- Mh.exe (windows7-x64): 7
- Mh.exe (windows10-2004-x64): 10
- Mh1.exe (windows7-x64): 7
- Mh1.exe (windows10-2004-x64): 10
- Mh2.exe (windows7-x64): 7
- Mh2.exe (windows10-2004-x64): 10
- SETUP.exe (windows7-x64)
- SETUP.exe (windows10-2004-x64)
- TX98 (ubuntu-18.04-amd64): 1
- TX981 (ubuntu-18.04-amd64): 1
- TX982 (ubuntu-18.04-amd64): 7
- TX984 (debian-9-armhf): 7
- TX985 (debian-9-mipsel): 7
- TX986 (debian-9-mips): 7
- bjyk.exe (windows7-x64): 10
- bjyk.exe (windows10-2004-x64): 10
- ceshi.exe (windows7-x64): 10
- ceshi.exe (windows10-2004-x64): 10
- ddos.exe (windows7-x64): 1
- ddos.exe (windows10-2004-x64): 10
- dhl.exe (windows7-x64): 7
- dhl.exe (windows10-2004-x64): 10
- mh3.exe (windows7-x64): 7
- mh3.exe (windows10-2004-x64): 10
- server.exe (windows7-x64): 10
Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27-03-2023 09:42
Behavioral tasks (task, sample, resource)
- behavioral1, 123.exe, win7-20230220-en
- behavioral2, 123.exe, win10v2004-20230221-en
- behavioral3, 360sb.exe, win7-20230220-en
- behavioral4, 360sb.exe, win10v2004-20230220-en
- behavioral5, 7000.32, ubuntu1804-amd64-20221111-en
- behavioral6, 7000.64, ubuntu1804-amd64-en-20211208
- behavioral7, Linux577, ubuntu1804-amd64-20221111-en
- behavioral8, Mh.exe, win7-20230220-en
- behavioral9, Mh.exe, win10v2004-20230220-en
- behavioral10, Mh1.exe, win7-20230220-en
- behavioral11, Mh1.exe, win10v2004-20230220-en
- behavioral12, Mh2.exe, win7-20230220-en
- behavioral13, Mh2.exe, win10v2004-20230220-en
- behavioral14, SETUP.exe, win7-20230220-en
- behavioral15, SETUP.exe, win10v2004-20230221-en
- behavioral16, TX98, ubuntu1804-amd64-en-20211208
- behavioral17, TX981, ubuntu1804-amd64-20221111-en
- behavioral18, TX982, ubuntu1804-amd64-en-20211208
- behavioral19, TX984, debian9-armhf-20221111-en
- behavioral20, TX985, debian9-mipsel-en-20211208
- behavioral21, TX986, debian9-mipsbe-20221111-en
- behavioral22, bjyk.exe, win7-20230220-en
- behavioral23, bjyk.exe, win10v2004-20230220-en
- behavioral24, ceshi.exe, win7-20230220-en
- behavioral25, ceshi.exe, win10v2004-20230220-en
- behavioral26, ddos.exe, win7-20230220-en
- behavioral27, ddos.exe, win10v2004-20230220-en
- behavioral28, dhl.exe, win7-20230220-en
- behavioral29, dhl.exe, win10v2004-20230220-en
- behavioral30, mh3.exe, win7-20230220-en
- behavioral31, mh3.exe, win10v2004-20230220-en
- behavioral32, server.exe, win7-20230220-en
General
- Target: ddos.exe
- Size: 38KB
- MD5: d68ab23225bf1388a7a16963356a87b6
- SHA1: 09ca273cdecf55b67eb20ced2e11a64b52058044
- SHA256: 3e20b4ca4fea293b596c23328a06207c301d135774e461ff5c5e7b84784ffd47
- SHA512: ae38756fe73206ec9fdbd4b1c8e57c6e880630385bd5fab2e57ec3f61eea4f3a7d9aa58c8f593eb68d8a6c5df116e24a19f7bdc771d7d97eec7f7cb602d9f234
- SSDEEP: 768:mACSpftPzWIYHqfwyk0vsYRG3IUlcV0njosBRtmwOZO4KaAtGB9wMCC:mXSLiIask0vzA3IUlcVIjLB9nMD
Malware Config
Signatures
- Modifies firewall policy service (2 TTPs, 4 IoCs)
  Processes: ddos.exe
  - Set value (str): \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\ddos.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ddos.exe:*:enabled:@shell32.dll,-1"
  - Key created: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - Key created: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  - Key created: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
- Enumerates connected drives (3 TTPs, 22 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  Processes: ddos.exe
  - File opened (read-only): \??\N:, \??\T:, \??\X:, \??\J:, \??\M:, \??\Q:, \??\Z:, \??\H:, \??\G:, \??\I:, \??\L:, \??\O:, \??\V:, \??\Y:, \??\F:, \??\K:, \??\P:, \??\R:, \??\S:, \??\U:, \??\W:, \??\E:
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: ddos.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: ddos.exe (pid 3324), listed twice
- Suspicious behavior: MapViewOfSection (64 IoCs)
  Processes: ddos.exe (pid 3324), the same pid and process repeated for every listed entry
- Suspicious behavior: RenamesItself (1 IoC)
  Processes: ddos.exe (pid 3324)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: ddos.exe (pid 3324)
  - Token: SeDebugPrivilege
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: ddos.exe (pid 3324)
  PID 3324 wrote to memory of the following target processes (each write is listed several times in the report):
  - 584, winlogon.exe
  - 672, lsass.exe
  - 764, fontdrvhost.exe
  - 768, fontdrvhost.exe
  - 788, svchost.exe
  - 892, svchost.exe
  - 952, svchost.exe
  - 64, dwm.exe
  - 508, svchost.exe
  - 840, svchost.exe
  - 1036, svchost.exe
Processes
- C:\Windows\system32\lsass.exe, command line: C:\Windows\system32\lsass.exe
- C:\Windows\system32\winlogon.exe, command line: winlogon.exe
  - C:\Windows\system32\dwm.exe, command line: "dwm.exe"
  - C:\Windows\system32\fontdrvhost.exe, command line: "fontdrvhost.exe"
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
- C:\Windows\System32\RuntimeBroker.exe, command line: C:\Windows\System32\RuntimeBroker.exe -Embedding
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
- C:\Windows\System32\RuntimeBroker.exe, command line: C:\Windows\System32\RuntimeBroker.exe -Embedding
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
- C:\Windows\system32\SppExtComObj.exe, command line: C:\Windows\system32\SppExtComObj.exe -Embedding
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
- C:\Windows\System32\RuntimeBroker.exe, command line: C:\Windows\System32\RuntimeBroker.exe -Embedding
- C:\Windows\system32\DllHost.exe, command line: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
- C:\Windows\System32\RuntimeBroker.exe, command line: C:\Windows\System32\RuntimeBroker.exe -Embedding
- C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe, command line: "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
- C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe, command line: "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
- C:\Windows\system32\DllHost.exe, command line: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
- C:\Windows\Explorer.EXE, command line: C:\Windows\Explorer.EXE
  - C:\Users\Admin\AppData\Local\Temp\ddos.exe, command line: "C:\Users\Admin\AppData\Local\Temp\ddos.exe"
    - Modifies firewall policy service
    - Enumerates connected drives
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious behavior: RenamesItself
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
- C:\Windows\system32\wbem\unsecapp.exe, command line: C:\Windows\system32\wbem\unsecapp.exe -Embedding
- C:\Windows\system32\taskhostw.exe, command line: taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
- C:\Windows\system32\sihost.exe, command line: sihost.exe
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
- C:\Windows\sysmon.exe, command line: C:\Windows\sysmon.exe
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe, command line: "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- C:\Windows\System32\spoolsv.exe, command line: C:\Windows\System32\spoolsv.exe
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
- C:\Windows\System32\svchost.exe, command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k RPCSS -p
- C:\Windows\system32\svchost.exe, command line: C:\Windows\system32\svchost.exe -k DcomLaunch -p
- C:\Windows\system32\fontdrvhost.exe, command line: "fontdrvhost.exe"
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/3324-133-0x0000000000400000-0x0000000000409800-memory.dmp, Filesize: 38KB
- memory/3324-134-0x000000007FE40000-0x000000007FE4C000-memory.dmp, Filesize: 48KB
- memory/3324-135-0x000000007FE40000-0x000000007FE4C000-memory.dmp, Filesize: 48KB
- memory/3324-136-0x000000007FE40000-0x000000007FE4C000-memory.dmp, Filesize: 48KB
- memory/3324-137-0x000000007FE40000-0x000000007FE4C000-memory.dmp, Filesize: 48KB
- memory/3324-138-0x0000000000400000-0x0000000000409800-memory.dmp, Filesize: 38KB
- memory/3324-139-0x000000007FE40000-0x000000007FE4C000-memory.dmp, Filesize: 48KB
- memory/3324-140-0x000000007FE40000-0x000000007FE4C000-memory.dmp, Filesize: 48KB
- memory/3324-141-0x000000007FE40000-0x000000007FE4C000-memory.dmp, Filesize: 48KB
- memory/3324-142-0x000000007FE40000-0x000000007FE4C000-memory.dmp, Filesize: 48KB