redline | bb2a56b2d08dfd580aa7918d7f1f844959bee7f3b868488c5e2e932c9885ec32

Analysis

max time kernel
148s
max time network
151s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2115abb3b850a690a74ea252deaa710a.exe
Size

622KB
MD5

2115abb3b850a690a74ea252deaa710a
SHA1

8e42491122339c022ee5c6cac17e547bfabd4e2a
SHA256

bb2a56b2d08dfd580aa7918d7f1f844959bee7f3b868488c5e2e932c9885ec32
SHA512

46e7f52f903591edad5d346312581a4d241c2fa8c2ae0760a2f469946f699475ef6956be71aba55659226d93a48574b59d19760412c2d32590e3a826d9c5757c
SSDEEP

12288:iFQXX1C7b94xV/sJI7nD68b618g6ggEfzDehxTjUZW2H82h:CIOsRnDg

Score

10^/10

redline sectoprat norman2 infostealer rat trojan

Malware Config

Extracted

Family

redline

Botnet

NORMAN2

45.14.49.184:27587

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 8 IoCs

resource	yara_rule
behavioral1/memory/3048-7-0x0000000000400000-0x0000000000422000-memory.dmp	family_redline
behavioral1/memory/3048-9-0x0000000000400000-0x0000000000422000-memory.dmp	family_redline
behavioral1/memory/3048-13-0x0000000000400000-0x0000000000422000-memory.dmp	family_redline
behavioral1/memory/3048-15-0x0000000000400000-0x0000000000422000-memory.dmp	family_redline
behavioral1/memory/3048-17-0x0000000000400000-0x0000000000422000-memory.dmp	family_redline
behavioral1/memory/1888-110-0x0000000000D90000-0x0000000000DD0000-memory.dmp	family_redline
behavioral1/memory/1768-220-0x0000000004B60000-0x0000000004BA0000-memory.dmp	family_redline
behavioral1/memory/2888-293-0x00000000006D0000-0x0000000000710000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 13 IoCs

resource	yara_rule
behavioral1/memory/3048-7-0x0000000000400000-0x0000000000422000-memory.dmp	family_sectoprat
behavioral1/memory/3048-9-0x0000000000400000-0x0000000000422000-memory.dmp	family_sectoprat
behavioral1/memory/3048-13-0x0000000000400000-0x0000000000422000-memory.dmp	family_sectoprat
behavioral1/memory/3048-15-0x0000000000400000-0x0000000000422000-memory.dmp	family_sectoprat
behavioral1/memory/3048-17-0x0000000000400000-0x0000000000422000-memory.dmp	family_sectoprat
behavioral1/memory/2288-36-0x0000000004B50000-0x0000000004B90000-memory.dmp	family_sectoprat
behavioral1/memory/1780-73-0x0000000000C40000-0x0000000000C80000-memory.dmp	family_sectoprat
behavioral1/memory/1888-110-0x0000000000D90000-0x0000000000DD0000-memory.dmp	family_sectoprat
behavioral1/memory/1740-166-0x0000000004810000-0x0000000004850000-memory.dmp	family_sectoprat
behavioral1/memory/2004-202-0x00000000011C0000-0x0000000001200000-memory.dmp	family_sectoprat
behavioral1/memory/1768-220-0x0000000004B60000-0x0000000004BA0000-memory.dmp	family_sectoprat
behavioral1/memory/2888-293-0x00000000006D0000-0x0000000000710000-memory.dmp	family_sectoprat
behavioral1/memory/2172-312-0x0000000000440000-0x0000000000480000-memory.dmp	family_sectoprat

Suspicious use of SetThreadContext 46 IoCs

description	pid	Process	procid_target
PID 2552 set thread context of 3048	2552	2115abb3b850a690a74ea252deaa710a.exe	29
PID 2552 set thread context of 2288	2552	2115abb3b850a690a74ea252deaa710a.exe	30
PID 2552 set thread context of 2612	2552	2115abb3b850a690a74ea252deaa710a.exe	31
PID 2552 set thread context of 1780	2552	2115abb3b850a690a74ea252deaa710a.exe	32
PID 2552 set thread context of 2120	2552	2115abb3b850a690a74ea252deaa710a.exe	33
PID 2552 set thread context of 1888	2552	2115abb3b850a690a74ea252deaa710a.exe	34
PID 2552 set thread context of 2752	2552	2115abb3b850a690a74ea252deaa710a.exe	35
PID 2552 set thread context of 2712	2552	2115abb3b850a690a74ea252deaa710a.exe	36
PID 2552 set thread context of 1740	2552	2115abb3b850a690a74ea252deaa710a.exe	37
PID 2552 set thread context of 324	2552	2115abb3b850a690a74ea252deaa710a.exe	38
PID 2552 set thread context of 2004	2552	2115abb3b850a690a74ea252deaa710a.exe	39
PID 2552 set thread context of 1768	2552	2115abb3b850a690a74ea252deaa710a.exe	40
PID 2552 set thread context of 1176	2552	2115abb3b850a690a74ea252deaa710a.exe	41
PID 2552 set thread context of 1100	2552	2115abb3b850a690a74ea252deaa710a.exe	42
PID 2552 set thread context of 2920	2552	2115abb3b850a690a74ea252deaa710a.exe	43
PID 2552 set thread context of 2888	2552	2115abb3b850a690a74ea252deaa710a.exe	46
PID 2552 set thread context of 2172	2552	2115abb3b850a690a74ea252deaa710a.exe	47
PID 2552 set thread context of 2816	2552	2115abb3b850a690a74ea252deaa710a.exe	48
PID 2552 set thread context of 1796	2552	2115abb3b850a690a74ea252deaa710a.exe	49
PID 2552 set thread context of 1064	2552	2115abb3b850a690a74ea252deaa710a.exe	51
PID 2552 set thread context of 2524	2552	2115abb3b850a690a74ea252deaa710a.exe	52
PID 2552 set thread context of 2220	2552	2115abb3b850a690a74ea252deaa710a.exe	53
PID 2552 set thread context of 1828	2552	2115abb3b850a690a74ea252deaa710a.exe	54
PID 2552 set thread context of 916	2552	2115abb3b850a690a74ea252deaa710a.exe	55
PID 2552 set thread context of 2732	2552	2115abb3b850a690a74ea252deaa710a.exe	56
PID 2552 set thread context of 1728	2552	2115abb3b850a690a74ea252deaa710a.exe	58
PID 2552 set thread context of 2788	2552	2115abb3b850a690a74ea252deaa710a.exe	59
PID 2552 set thread context of 2424	2552	2115abb3b850a690a74ea252deaa710a.exe	60
PID 2552 set thread context of 1208	2552	2115abb3b850a690a74ea252deaa710a.exe	61
PID 2552 set thread context of 1232	2552	2115abb3b850a690a74ea252deaa710a.exe	62
PID 2552 set thread context of 292	2552	2115abb3b850a690a74ea252deaa710a.exe	63
PID 2552 set thread context of 2216	2552	2115abb3b850a690a74ea252deaa710a.exe	64
PID 2552 set thread context of 2960	2552	2115abb3b850a690a74ea252deaa710a.exe	65
PID 2552 set thread context of 1600	2552	2115abb3b850a690a74ea252deaa710a.exe	66
PID 2552 set thread context of 1544	2552	2115abb3b850a690a74ea252deaa710a.exe	67
PID 2552 set thread context of 2224	2552	2115abb3b850a690a74ea252deaa710a.exe	68
PID 2552 set thread context of 2092	2552	2115abb3b850a690a74ea252deaa710a.exe	69
PID 2552 set thread context of 968	2552	2115abb3b850a690a74ea252deaa710a.exe	70
PID 2552 set thread context of 1596	2552	2115abb3b850a690a74ea252deaa710a.exe	72
PID 2552 set thread context of 1196	2552	2115abb3b850a690a74ea252deaa710a.exe	73
PID 2552 set thread context of 856	2552	2115abb3b850a690a74ea252deaa710a.exe	74
PID 2552 set thread context of 1324	2552	2115abb3b850a690a74ea252deaa710a.exe	75
PID 2552 set thread context of 2504	2552	2115abb3b850a690a74ea252deaa710a.exe	76
PID 2552 set thread context of 2972	2552	2115abb3b850a690a74ea252deaa710a.exe	77
PID 2552 set thread context of 1376	2552	2115abb3b850a690a74ea252deaa710a.exe	78
PID 2552 set thread context of 948	2552	2115abb3b850a690a74ea252deaa710a.exe	79

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 3048	2552	2115abb3b850a690a74ea252deaa710a.exe	29
PID 2552 wrote to memory of 3048	2552	2115abb3b850a690a74ea252deaa710a.exe	29
PID 2552 wrote to memory of 3048	2552	2115abb3b850a690a74ea252deaa710a.exe	29
PID 2552 wrote to memory of 3048	2552	2115abb3b850a690a74ea252deaa710a.exe	29
PID 2552 wrote to memory of 3048	2552	2115abb3b850a690a74ea252deaa710a.exe	29
PID 2552 wrote to memory of 3048	2552	2115abb3b850a690a74ea252deaa710a.exe	29
PID 2552 wrote to memory of 3048	2552	2115abb3b850a690a74ea252deaa710a.exe	29
PID 2552 wrote to memory of 3048	2552	2115abb3b850a690a74ea252deaa710a.exe	29
PID 2552 wrote to memory of 3048	2552	2115abb3b850a690a74ea252deaa710a.exe	29
PID 2552 wrote to memory of 2288	2552	2115abb3b850a690a74ea252deaa710a.exe	30
PID 2552 wrote to memory of 2288	2552	2115abb3b850a690a74ea252deaa710a.exe	30
PID 2552 wrote to memory of 2288	2552	2115abb3b850a690a74ea252deaa710a.exe	30
PID 2552 wrote to memory of 2288	2552	2115abb3b850a690a74ea252deaa710a.exe	30
PID 2552 wrote to memory of 2288	2552	2115abb3b850a690a74ea252deaa710a.exe	30
PID 2552 wrote to memory of 2288	2552	2115abb3b850a690a74ea252deaa710a.exe	30
PID 2552 wrote to memory of 2288	2552	2115abb3b850a690a74ea252deaa710a.exe	30
PID 2552 wrote to memory of 2288	2552	2115abb3b850a690a74ea252deaa710a.exe	30
PID 2552 wrote to memory of 2288	2552	2115abb3b850a690a74ea252deaa710a.exe	30
PID 2552 wrote to memory of 2612	2552	2115abb3b850a690a74ea252deaa710a.exe	31
PID 2552 wrote to memory of 2612	2552	2115abb3b850a690a74ea252deaa710a.exe	31
PID 2552 wrote to memory of 2612	2552	2115abb3b850a690a74ea252deaa710a.exe	31
PID 2552 wrote to memory of 2612	2552	2115abb3b850a690a74ea252deaa710a.exe	31
PID 2552 wrote to memory of 2612	2552	2115abb3b850a690a74ea252deaa710a.exe	31
PID 2552 wrote to memory of 2612	2552	2115abb3b850a690a74ea252deaa710a.exe	31
PID 2552 wrote to memory of 2612	2552	2115abb3b850a690a74ea252deaa710a.exe	31
PID 2552 wrote to memory of 2612	2552	2115abb3b850a690a74ea252deaa710a.exe	31
PID 2552 wrote to memory of 2612	2552	2115abb3b850a690a74ea252deaa710a.exe	31
PID 2552 wrote to memory of 1780	2552	2115abb3b850a690a74ea252deaa710a.exe	32
PID 2552 wrote to memory of 1780	2552	2115abb3b850a690a74ea252deaa710a.exe	32
PID 2552 wrote to memory of 1780	2552	2115abb3b850a690a74ea252deaa710a.exe	32
PID 2552 wrote to memory of 1780	2552	2115abb3b850a690a74ea252deaa710a.exe	32
PID 2552 wrote to memory of 1780	2552	2115abb3b850a690a74ea252deaa710a.exe	32
PID 2552 wrote to memory of 1780	2552	2115abb3b850a690a74ea252deaa710a.exe	32
PID 2552 wrote to memory of 1780	2552	2115abb3b850a690a74ea252deaa710a.exe	32
PID 2552 wrote to memory of 1780	2552	2115abb3b850a690a74ea252deaa710a.exe	32
PID 2552 wrote to memory of 1780	2552	2115abb3b850a690a74ea252deaa710a.exe	32
PID 2552 wrote to memory of 2120	2552	2115abb3b850a690a74ea252deaa710a.exe	33
PID 2552 wrote to memory of 2120	2552	2115abb3b850a690a74ea252deaa710a.exe	33
PID 2552 wrote to memory of 2120	2552	2115abb3b850a690a74ea252deaa710a.exe	33
PID 2552 wrote to memory of 2120	2552	2115abb3b850a690a74ea252deaa710a.exe	33
PID 2552 wrote to memory of 2120	2552	2115abb3b850a690a74ea252deaa710a.exe	33
PID 2552 wrote to memory of 2120	2552	2115abb3b850a690a74ea252deaa710a.exe	33
PID 2552 wrote to memory of 2120	2552	2115abb3b850a690a74ea252deaa710a.exe	33
PID 2552 wrote to memory of 2120	2552	2115abb3b850a690a74ea252deaa710a.exe	33
PID 2552 wrote to memory of 2120	2552	2115abb3b850a690a74ea252deaa710a.exe	33
PID 2552 wrote to memory of 1888	2552	2115abb3b850a690a74ea252deaa710a.exe	34
PID 2552 wrote to memory of 1888	2552	2115abb3b850a690a74ea252deaa710a.exe	34
PID 2552 wrote to memory of 1888	2552	2115abb3b850a690a74ea252deaa710a.exe	34
PID 2552 wrote to memory of 1888	2552	2115abb3b850a690a74ea252deaa710a.exe	34
PID 2552 wrote to memory of 1888	2552	2115abb3b850a690a74ea252deaa710a.exe	34
PID 2552 wrote to memory of 1888	2552	2115abb3b850a690a74ea252deaa710a.exe	34
PID 2552 wrote to memory of 1888	2552	2115abb3b850a690a74ea252deaa710a.exe	34
PID 2552 wrote to memory of 1888	2552	2115abb3b850a690a74ea252deaa710a.exe	34
PID 2552 wrote to memory of 1888	2552	2115abb3b850a690a74ea252deaa710a.exe	34
PID 2552 wrote to memory of 2752	2552	2115abb3b850a690a74ea252deaa710a.exe	35
PID 2552 wrote to memory of 2752	2552	2115abb3b850a690a74ea252deaa710a.exe	35
PID 2552 wrote to memory of 2752	2552	2115abb3b850a690a74ea252deaa710a.exe	35
PID 2552 wrote to memory of 2752	2552	2115abb3b850a690a74ea252deaa710a.exe	35
PID 2552 wrote to memory of 2752	2552	2115abb3b850a690a74ea252deaa710a.exe	35
PID 2552 wrote to memory of 2752	2552	2115abb3b850a690a74ea252deaa710a.exe	35
PID 2552 wrote to memory of 2752	2552	2115abb3b850a690a74ea252deaa710a.exe	35
PID 2552 wrote to memory of 2752	2552	2115abb3b850a690a74ea252deaa710a.exe	35
PID 2552 wrote to memory of 2752	2552	2115abb3b850a690a74ea252deaa710a.exe	35
PID 2552 wrote to memory of 2712	2552	2115abb3b850a690a74ea252deaa710a.exe	36

C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
"C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:3048
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2288
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2612
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1780
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2120
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1888
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2752
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2712
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1740
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:324
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2004
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1768
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1176
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1100
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2920
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2888
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2172
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2816
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1796
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2424
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1064
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2524
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2220
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1828
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:916
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2732
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1980
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1728
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2788
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2424
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1208
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1232
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:292
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2216
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2960
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1600
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1544
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2224
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2092
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:968
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2356
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1596
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1196
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:856
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1324
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2504
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2972
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:1376
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:948
- C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  C:\Users\Admin\AppData\Local\Temp\2115abb3b850a690a74ea252deaa710a.exe
  2⤵
  PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/324-238-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/324-185-0x0000000001250000-0x0000000001290000-memory.dmp

Filesize
256KB

Download
memory/324-255-0x0000000001250000-0x0000000001290000-memory.dmp

Filesize
256KB

Download
memory/324-183-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1100-256-0x00000000048D0000-0x0000000004910000-memory.dmp

Filesize
256KB

Download
memory/1100-313-0x00000000048D0000-0x0000000004910000-memory.dmp

Filesize
256KB

Download
memory/1100-310-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1100-254-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1176-292-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1176-294-0x00000000011F0000-0x0000000001230000-memory.dmp

Filesize
256KB

Download
memory/1176-237-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1740-166-0x0000000004810000-0x0000000004850000-memory.dmp

Filesize
256KB

Download
memory/1740-165-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1740-236-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1768-275-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1768-220-0x0000000004B60000-0x0000000004BA0000-memory.dmp

Filesize
256KB

Download
memory/1768-219-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1780-73-0x0000000000C40000-0x0000000000C80000-memory.dmp

Filesize
256KB

Download
memory/1780-71-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1780-129-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1780-145-0x0000000000C40000-0x0000000000C80000-memory.dmp

Filesize
256KB

Download
memory/1796-347-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1888-167-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1888-109-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/1888-110-0x0000000000D90000-0x0000000000DD0000-memory.dmp

Filesize
256KB

Download
memory/2004-201-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2004-202-0x00000000011C0000-0x0000000001200000-memory.dmp

Filesize
256KB

Download
memory/2004-272-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2004-273-0x00000000011C0000-0x0000000001200000-memory.dmp

Filesize
256KB

Download
memory/2120-164-0x0000000004D20000-0x0000000004D60000-memory.dmp

Filesize
256KB

Download
memory/2120-148-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2120-91-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2120-92-0x0000000004D20000-0x0000000004D60000-memory.dmp

Filesize
256KB

Download
memory/2172-312-0x0000000000440000-0x0000000000480000-memory.dmp

Filesize
256KB

Download
memory/2172-311-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2288-35-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2288-93-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download
memory/2288-90-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2288-36-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download
memory/2552-52-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2552-1-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2552-2-0x0000000004900000-0x0000000004940000-memory.dmp

Filesize
256KB

Download
memory/2552-0-0x00000000012B0000-0x0000000001352000-memory.dmp

Filesize
648KB

Download
memory/2552-55-0x0000000004900000-0x0000000004940000-memory.dmp

Filesize
256KB

Download
memory/2612-111-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2612-127-0x0000000001270000-0x00000000012B0000-memory.dmp

Filesize
256KB

Download
memory/2612-54-0x0000000001270000-0x00000000012B0000-memory.dmp

Filesize
256KB

Download
memory/2612-53-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2712-147-0x0000000004BE0000-0x0000000004C20000-memory.dmp

Filesize
256KB

Download
memory/2712-203-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2712-146-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2752-184-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2752-128-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2816-329-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2888-293-0x00000000006D0000-0x0000000000710000-memory.dmp

Filesize
256KB

Download
memory/2888-348-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2888-291-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2920-346-0x0000000000A00000-0x0000000000A40000-memory.dmp

Filesize
256KB

Download
memory/2920-330-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/2920-274-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/3048-15-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/3048-7-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/3048-5-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/3048-3-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/3048-9-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/3048-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/3048-13-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/3048-17-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/3048-18-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/3048-19-0x00000000003A0000-0x00000000003E0000-memory.dmp

Filesize
256KB

Download
memory/3048-72-0x0000000074EA0000-0x000000007558E000-memory.dmp

Filesize
6.9MB

Download
memory/3048-74-0x00000000003A0000-0x00000000003E0000-memory.dmp

Filesize
256KB

Download