72812fbf4ae87c8513fe9df88a6a28c78bb5211d13dc318e7f31e9ba22d4cd41

Analysis

max time kernel
0s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32d8d8e04fa3817422e864b0364933c3.exe
Size

1.5MB
MD5

32d8d8e04fa3817422e864b0364933c3
SHA1

8df08b61369e1397f19b962f5db648de5b60da26
SHA256

72812fbf4ae87c8513fe9df88a6a28c78bb5211d13dc318e7f31e9ba22d4cd41
SHA512

3279745f95f7be42d8acb8529db077eb223661d06898aad4da028e7300c49276d0502c62e94c6e6e41f12208182e8264b5e229b5cf3fbe165c14f533a1ed9af6
SSDEEP

24576:d//ccXtciIb1yqpYxfmpFcJk8LyFuo2Zs5WKvk0bq1tz1FXae:dccdciUMlukvouZ6M1z3

Score

7^/10

bootkit persistence

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
1752	32d8d8e04fa3817422e864b0364933c3.exe
1752	32d8d8e04fa3817422e864b0364933c3.exe
1752	32d8d8e04fa3817422e864b0364933c3.exe
1752	32d8d8e04fa3817422e864b0364933c3.exe
1752	32d8d8e04fa3817422e864b0364933c3.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	32d8d8e04fa3817422e864b0364933c3.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\3CA4E3\	32d8d8e04fa3817422e864b0364933c3.exe
File created	C:\Windows\SysWOW64\B3A6A3\B820A2.EXE	32d8d8e04fa3817422e864b0364933c3.exe
File opened for modification	C:\Windows\SysWOW64\B3A6A3\B820A2.EXE	32d8d8e04fa3817422e864b0364933c3.exe
File opened for modification	C:\Windows\SysWOW64\B3A6A3\	32d8d8e04fa3817422e864b0364933c3.exe
File opened for modification	C:\Windows\SysWOW64\B5A29B\	32d8d8e04fa3817422e864b0364933c3.exe
File opened for modification	C:\Windows\SysWOW64\D42343\	32d8d8e04fa3817422e864b0364933c3.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1752	32d8d8e04fa3817422e864b0364933c3.exe
1752	32d8d8e04fa3817422e864b0364933c3.exe
1752	32d8d8e04fa3817422e864b0364933c3.exe
1752	32d8d8e04fa3817422e864b0364933c3.exe
1752	32d8d8e04fa3817422e864b0364933c3.exe
1752	32d8d8e04fa3817422e864b0364933c3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2432	1752	32d8d8e04fa3817422e864b0364933c3.exe	17
PID 1752 wrote to memory of 2432	1752	32d8d8e04fa3817422e864b0364933c3.exe	17
PID 1752 wrote to memory of 2432	1752	32d8d8e04fa3817422e864b0364933c3.exe	17
PID 1752 wrote to memory of 2432	1752	32d8d8e04fa3817422e864b0364933c3.exe	17

C:\Users\Admin\AppData\Local\Temp\32d8d8e04fa3817422e864b0364933c3.exe
"C:\Users\Admin\AppData\Local\Temp\32d8d8e04fa3817422e864b0364933c3.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Users\Admin\AppData\Local\Temp\32d8d8e04fa3817422e864b0364933c3
  2⤵
  PID:2432
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:2888

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2736

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:1776

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:1656

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2352

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2492

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:1652
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:2224
- - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
    C:\Windows\system32\B3A6A3\B820A2.EXE
    3⤵
    PID:2856
  - - C:\Windows\SysWOW64\explorer.exe
      explorer C:\Windows\SysWOW64\B3A6A3\B820A2
      4⤵
      PID:2144
  - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
      C:\Windows\system32\B3A6A3\B820A2.EXE
      4⤵
      PID:604
    - - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        5⤵
        
        PID:1552
    - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        5⤵
        
        PID:2496
      - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        6⤵
        
        PID:2528
      - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        6⤵
        
        PID:824
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        7⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        8⤵
        
        PID:644
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        9⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        9⤵
        
        PID:1540
- - C:\Windows\SysWOW64\explorer.exe
    explorer C:\Windows\SysWOW64\B3A6A3\B820A2
    3⤵
    PID:2544
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\SysWOW64\B3A6A3\B820A2
  2⤵
  PID:2196

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2732

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2620

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1972

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1620

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2804

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2232

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:860

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2108

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:560
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:2592
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\SysWOW64\B3A6A3\B820A2
  2⤵
  PID:2408

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2080

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:2712
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:2604
- - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
    C:\Windows\system32\B3A6A3\B820A2.EXE
    3⤵
    PID:2472
  - - C:\Windows\SysWOW64\explorer.exe
      explorer C:\Windows\SysWOW64\B3A6A3\B820A2
      4⤵
      PID:1772
  - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
      C:\Windows\system32\B3A6A3\B820A2.EXE
      4⤵
      PID:1624
    - - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        5⤵
        
        PID:1760
    - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        5⤵
        
        PID:3084
      - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        6⤵
        
        PID:3156
      - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        6⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        7⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        7⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        8⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        9⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        9⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        10⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        10⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        11⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        11⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        12⤵
        
        PID:3880

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:268

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:240

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:908

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:644

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1604

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1832

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3140

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3344

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:3416

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3508

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3632

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2040

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:3808

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3784

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3892

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:3936

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:4016

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4040

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:1560

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:3304
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\SysWOW64\B3A6A3\B820A2
  2⤵
  PID:3076
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:2604
- - C:\Windows\SysWOW64\explorer.exe
    explorer C:\Windows\SysWOW64\B3A6A3\B820A2
    3⤵
    PID:3192
- - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
    C:\Windows\system32\B3A6A3\B820A2.EXE
    3⤵
    PID:3352
  - - C:\Windows\SysWOW64\explorer.exe
      explorer C:\Windows\SysWOW64\B3A6A3\B820A2
      4⤵
      PID:1624
  - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
      C:\Windows\system32\B3A6A3\B820A2.EXE
      4⤵
      PID:3908
    - - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        5⤵
        
        PID:4004
    - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        5⤵
        
        PID:3136
      - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        6⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        7⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        8⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        8⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        9⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        9⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        10⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        10⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        11⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        11⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        12⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        13⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        13⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        14⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        14⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        15⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        15⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        7⤵
        
        PID:3812

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1760

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3640

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3552

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2424

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:1772

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2196

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2888
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:2632

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4020

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3960

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3876

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3356

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4156

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:4252

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4268

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4416

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4524

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4628

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:3116

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4752

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:4788

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:4828
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\SysWOW64\B3A6A3\B820A2
  2⤵
  PID:4964
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:5008
- - C:\Windows\SysWOW64\explorer.exe
    explorer C:\Windows\SysWOW64\B3A6A3\B820A2
    3⤵
    PID:5048
- - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
    C:\Windows\system32\B3A6A3\B820A2.EXE
    3⤵
    PID:3944
  - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
      C:\Windows\system32\B3A6A3\B820A2.EXE
      4⤵
      PID:3992
    - - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        5⤵
        
        PID:4368
    - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        5⤵
        
        PID:3216
      - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        6⤵
        
        PID:4624
      - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        6⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        7⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        7⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        8⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        8⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        9⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        10⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        10⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        11⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        11⤵
        
        PID:5036

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4884

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4940

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5060

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5112

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:3316

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4312

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:3988

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1692

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1676

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:560

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4184

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4468

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4168

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4216

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2660

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4716

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4300

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3556

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:3136

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4844

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:4152

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4612

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:4620
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:4728
- - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
    C:\Windows\system32\B3A6A3\B820A2.EXE
    3⤵
    PID:5276
  - - C:\Windows\SysWOW64\explorer.exe
      explorer C:\Windows\SysWOW64\B3A6A3\B820A2
      4⤵
      PID:5304
  - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
      C:\Windows\system32\B3A6A3\B820A2.EXE
      4⤵
      PID:5388
    - - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        5⤵
        
        PID:5440
    - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        5⤵
        
        PID:5516
      - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        6⤵
        
        PID:5552
      - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        6⤵
        
        PID:5620

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4812

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:5204

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5268

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:3036

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5396

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5560

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5628

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:5672

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:5728
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\SysWOW64\B3A6A3\B820A2
  2⤵
  PID:5776
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:5864

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5736

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:5896

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5904

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:5956
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\SysWOW64\B3A6A3\B820A2
  2⤵
  PID:6020
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:6088
- - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
    C:\Windows\system32\B3A6A3\B820A2.EXE
    3⤵
    PID:4972
  - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
      C:\Windows\system32\B3A6A3\B820A2.EXE
      4⤵
      PID:5224
    - - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        5⤵
        
        PID:5468
    - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        5⤵
        
        PID:5656
      - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        6⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        7⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        7⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        8⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        8⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        9⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        9⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        10⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        10⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        11⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        11⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        12⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        12⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        13⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        14⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        14⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        15⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        15⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        16⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        16⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        17⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        17⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        18⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        18⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        19⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        19⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        20⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        20⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        21⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        21⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        22⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        22⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        23⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        23⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        24⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        24⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        25⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        25⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        26⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        27⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        27⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        28⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        28⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        29⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        29⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        30⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        30⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        31⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        31⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        32⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        32⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        33⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        33⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        34⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        34⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        35⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        35⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        36⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        36⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        37⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        37⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        38⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        38⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        39⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        39⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        40⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        40⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        41⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        42⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        42⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        43⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        44⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        44⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        45⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        45⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        46⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        46⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        47⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        47⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        48⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        48⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        49⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        49⤵
        
        PID:2916

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5992

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:6124

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6116

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2684

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:5244

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4432

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5324

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:5760

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5948

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5916

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5572

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5968

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2180

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:2256

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6080

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5688

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:5540

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1996

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6296

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6364

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6532

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6636

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6736

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6828

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2964

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:2608

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1268

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:2072

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2340

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2672

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2044

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6092

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6216

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5044

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6632

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:6852

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7000

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1512

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1728

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6272

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1852

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6676

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7436

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7608

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7924

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8084

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2708

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7312

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7160

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:7688

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7996

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7236

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7392

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5448

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\E_N4\cnvpe.fne

Filesize
60KB

MD5
8b34b80dc2a1f13dbfd97e3617cd4914

SHA1
5551b77a057c5deed53285afec54bb0e02e5d32c

SHA256
185aab8651e7f3ba3d7cf08cedeff1a01b752f2fd1226a1d1061ce7da3787afd

SHA512
a6688cae220f04f12dae465e3754b8864f74a6fcaa253c4ce351991474b7eae57a3d014f65c6becf3e016f8a124b1f959a2022e3b3a5037e53f545b8eb8ef3d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N4\eAPI.fne

Filesize
316KB

MD5
a89e736982a4c1b667d2e8a6db4d80b0

SHA1
c040eb45eb3a02a5c80bebcca87b92ecf9cabbaf

SHA256
05763f43e078cbf268f8ad7912d3ade9520b3b931be80f18751fe6d1b39a2004

SHA512
4a336c3b93d1cb3e2a750667c72d2e197d0cd7004d874576fc737115790ad4f5f4ee92b110e696cee0f4917558ccdd5e0e8e74cdea69171289bfb1eb1ddc5fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N4\internet.fne

Filesize
180KB

MD5
c5b1592d29aac535cbb362a3bd5996f5

SHA1
06e39225dd7229176f58ad1b2ae00fed1c5fef60

SHA256
42b19934cac1dc8877b9f312e34744f65790f629dc649d033e8fd11eb8afbfaf

SHA512
8c99ac6a7ec966f3ab5ef77583ab81c663bb4190f6b60561306e500ba54badcbb30b7a0fd49d6d959e3ca1000831abc36e4b1068228b0c7f7ca8d33824f9aff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N4\spec.fne

Filesize
72KB

MD5
6bc59c007e944a8a08f94d0d171ce64a

SHA1
35b4e760ceb8be4d393a0af3ee28bac9241b1917

SHA256
46a38bb4eea530cbf0b2b4ecde7e122c6634c90d83cc814690693fdfe8490f24

SHA512
d27532afcddc376aac8b069e41c687e14838208edd258528ec5011a33c5166b9d04a6b371aed1ae899faa8ae1a68e60132832aeb27e02c336398b62aa3ed41e3

Download Submit
C:\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
381KB

MD5
a5a7c896233298ab8b22ce9c1cf6dc6c

SHA1
ffc1808ef8607c4c546e5a649ddbc2c6832a04a3

SHA256
cb095f0c160fb4258adc1e9a45536aef255894d82fe0a3535687b71612ff1aac

SHA512
df30803b02c4f029f610e04364acbd85078ce719c9229f68e89019ca2a29aa525530d6540bf152209c6950986a98bdb20d5c65e4768186dec6e1228a018fb166

Download Submit
C:\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
1.5MB

MD5
32d8d8e04fa3817422e864b0364933c3

SHA1
8df08b61369e1397f19b962f5db648de5b60da26

SHA256
72812fbf4ae87c8513fe9df88a6a28c78bb5211d13dc318e7f31e9ba22d4cd41

SHA512
3279745f95f7be42d8acb8529db077eb223661d06898aad4da028e7300c49276d0502c62e94c6e6e41f12208182e8264b5e229b5cf3fbe165c14f533a1ed9af6

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\HtmlView.fne

Filesize
212KB

MD5
a5c75ebe3b62da635a4495aa98d6a50f

SHA1
d7e6a6378721b2a424bace08c077c59d661da915

SHA256
6434d9ae93005ea6e400e747d44be5cf2ff5c21497d7cef14e19476e1fa96b3e

SHA512
51a2baa3bfbd18403d0509a464d749af054baf11243b256425c4f469c9bb3e06611bc4c6e1cacf1bd271cfa8f018ae1483e82c9d0e1c7f60b531085f48da457c

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\dp1.fne

Filesize
112KB

MD5
c9abee70558396a5bf634f063da4cc15

SHA1
42a3401315b2e1f62672edd51fa80d3ad89ceae3

SHA256
c9c80cc51dddc01d27a2c8f664b1c3d96b6ae5c44543eff0bf99942dc784965f

SHA512
8bd6ae63b5b1d499338fd1b9a2bef60602397bf98af8127ec97bf84399642bf3ad0279d86e94c86f2b61183029580dcd48cecaad13ad5fa00c56c9fac35c541c

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
1.1MB

MD5
671a4c8163788c68e7e589fa0c8a3dd6

SHA1
3eb6ad80f3045811aea96e5e9777327cd3607927

SHA256
bc7cf1f2ed53a212bdf2d8f1e7e42e1034e862ae38a80af471d171611c7ff1c2

SHA512
4fa631c436b63042b81fc9b85cbf49651f360428517a40c05d2a9f7dba924934f43c32960d37af9ac877247bd758b4cb1df48dad28f390ab1942d3eb7d88778f

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\shell.fne

Filesize
40KB

MD5
02db60bc9f96d78d1b4f6bf215ab4b34

SHA1
ebed178ace054ecdf34905c43cee4d9b62bd26d3

SHA256
3b5b383b9e2f27832e8d2957e7986da27ac2fb71adfa5def4cee95d320d31e1a

SHA512
fb7aa1a0f42717f65b569b74804ef3663353001e51ef2be0ef2ba355d5ccbfd11e19aaef5a6a5f34e412d546d7327fe32e2c3f0127740a8fd9983e8d4fb19852

Download Submit
\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
1.1MB

MD5
f059457c99f5e2f8937de32f7553b4dd

SHA1
b31eb0f846f6a8de66fec186463014ba1a06462d

SHA256
7234b4b175224877cd085e70463b1aaff396a06a523cea46516176d20d7a7486

SHA512
0da2d46016fd7dc615c579454ef25c41d1e75dfeb76b359eede66c1a4ab5c9203245e08557e28ccfc97e95051ed234a3a2a4938272226d647b207ac24749cd3c

Download Submit
memory/560-150-0x00000000003D0000-0x00000000003E1000-memory.dmp

Filesize
68KB

Download
memory/560-153-0x0000000000300000-0x0000000000338000-memory.dmp

Filesize
224KB

Download
memory/560-160-0x0000000000730000-0x0000000000782000-memory.dmp

Filesize
328KB

Download
memory/560-161-0x0000000000730000-0x0000000000782000-memory.dmp

Filesize
328KB

Download
memory/560-149-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/560-148-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/560-151-0x0000000000500000-0x000000000051E000-memory.dmp

Filesize
120KB

Download
memory/1268-182-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/1268-139-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/1652-180-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/1652-174-0x00000000003C0000-0x00000000003F8000-memory.dmp

Filesize
224KB

Download
memory/1652-179-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/1652-176-0x0000000001CF0000-0x0000000001D0E000-memory.dmp

Filesize
120KB

Download
memory/1652-175-0x0000000001CD0000-0x0000000001CE1000-memory.dmp

Filesize
68KB

Download
memory/1676-181-0x0000000003A80000-0x0000000003A81000-memory.dmp

Filesize
4KB

Download
memory/1752-20-0x00000000004A0000-0x00000000004BE000-memory.dmp

Filesize
120KB

Download
memory/1752-42-0x0000000001DF0000-0x0000000001E42000-memory.dmp

Filesize
328KB

Download
memory/1752-30-0x0000000001DF0000-0x0000000001E42000-memory.dmp

Filesize
328KB

Download
memory/1752-187-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/1752-19-0x00000000003D0000-0x00000000003E1000-memory.dmp

Filesize
68KB

Download
memory/1752-14-0x0000000000460000-0x0000000000498000-memory.dmp

Filesize
224KB

Download
memory/1752-11-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/1752-6-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2044-57-0x0000000003D90000-0x0000000003DA0000-memory.dmp

Filesize
64KB

Download
memory/2044-71-0x0000000003D80000-0x0000000003D81000-memory.dmp

Filesize
4KB

Download
memory/2072-93-0x0000000001DC0000-0x0000000001DDE000-memory.dmp

Filesize
120KB

Download
memory/2072-88-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2072-94-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2072-101-0x0000000002170000-0x00000000021C2000-memory.dmp

Filesize
328KB

Download
memory/2072-92-0x0000000001DA0000-0x0000000001DB1000-memory.dmp

Filesize
68KB

Download
memory/2072-96-0x00000000001B0000-0x00000000001E8000-memory.dmp

Filesize
224KB

Download
memory/2072-102-0x0000000002170000-0x00000000021C2000-memory.dmp

Filesize
328KB

Download
memory/2256-123-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2256-133-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2256-135-0x00000000005F0000-0x0000000000628000-memory.dmp

Filesize
224KB

Download
memory/2256-142-0x0000000001DF0000-0x0000000001E42000-memory.dmp

Filesize
328KB

Download
memory/2256-138-0x0000000001C80000-0x0000000001C9E000-memory.dmp

Filesize
120KB

Download
memory/2256-147-0x0000000001DF0000-0x0000000001E42000-memory.dmp

Filesize
328KB

Download
memory/2256-140-0x0000000000630000-0x0000000000641000-memory.dmp

Filesize
68KB

Download
memory/2352-168-0x0000000003A80000-0x0000000003A81000-memory.dmp

Filesize
4KB

Download
memory/2592-166-0x00000000006B0000-0x00000000006CE000-memory.dmp

Filesize
120KB

Download
memory/2592-163-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2592-165-0x0000000000460000-0x0000000000471000-memory.dmp

Filesize
68KB

Download
memory/2592-169-0x0000000001E70000-0x0000000001EC2000-memory.dmp

Filesize
328KB

Download
memory/2592-178-0x0000000001E70000-0x0000000001EC2000-memory.dmp

Filesize
328KB

Download
memory/2592-162-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2592-164-0x0000000000650000-0x0000000000688000-memory.dmp

Filesize
224KB

Download
memory/2608-112-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2608-116-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2608-119-0x0000000001FA0000-0x0000000001FBE000-memory.dmp

Filesize
120KB

Download
memory/2608-118-0x00000000008A0000-0x00000000008B1000-memory.dmp

Filesize
68KB

Download
memory/2608-117-0x00000000005F0000-0x0000000000628000-memory.dmp

Filesize
224KB

Download
memory/2632-68-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2632-72-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2632-73-0x0000000001E40000-0x0000000001E5E000-memory.dmp

Filesize
120KB

Download
memory/2632-74-0x0000000001E00000-0x0000000001E38000-memory.dmp

Filesize
224KB

Download
memory/2632-75-0x0000000001DA0000-0x0000000001DB1000-memory.dmp

Filesize
68KB

Download
memory/2672-152-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/2672-97-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/2888-53-0x00000000003E0000-0x00000000003F1000-memory.dmp

Filesize
68KB

Download
memory/2888-52-0x00000000005F0000-0x000000000060E000-memory.dmp

Filesize
120KB

Download
memory/2888-47-0x0000000000220000-0x0000000000258000-memory.dmp

Filesize
224KB

Download
memory/2888-46-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2888-43-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2964-159-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads