lumma | 20b41d5a67097cc35f91a0a2c47857d556df939825465e5ac197dd1c5e33f71e

Analysis

max time kernel
1s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66694f7dcb467cd242471f76c58bc236c458761d22bcb4682a07605e0d7bd384.exe
Size

2.4MB
MD5

f4e12ccaabddc9024adda74dacadb681
SHA1

672e1c2b35cd863c6bcc281604893ec78f168cc5
SHA256

66694f7dcb467cd242471f76c58bc236c458761d22bcb4682a07605e0d7bd384
SHA512

8440b414f02769db73b07db6a5ae57f92b783a1694cd4ebae738771ffdb5656dd295a3235499e5f9401ff08584b8736bacff0848252f10b3bb55d492ac8725b9
SSDEEP

49152:xLuYoz262V1lcg/2aRdbDwvDoo/LaKsc8hwwefPmynPnWiy2wf:Uz+blcg/2+dsjPq3g3P/y2s

Score

10^/10

lumma persistence stealer

Malware Config

Signatures

Detect Lumma Stealer payload V4 3 IoCs

resource	yara_rule
behavioral2/memory/4508-570-0x0000000002650000-0x00000000026CC000-memory.dmp	family_lumma_v4
behavioral2/memory/4508-580-0x0000000000400000-0x0000000000892000-memory.dmp	family_lumma_v4
behavioral2/memory/4508-581-0x0000000000400000-0x0000000000892000-memory.dmp	family_lumma_v4

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Executes dropped EXE 2 IoCs

pid	Process
2728	Cp9iY02.exe
1928	2so0154.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	66694f7dcb467cd242471f76c58bc236c458761d22bcb4682a07605e0d7bd384.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	Cp9iY02.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/files/0x000700000002320a-13.dat	autoit_exe
behavioral2/files/0x000700000002320a-12.dat	autoit_exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
592	868	WerFault.exe	37
2988	4508	WerFault.exe	144

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
5340	schtasks.exe
6124	schtasks.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1928	2so0154.exe
1928	2so0154.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1928	2so0154.exe
1928	2so0154.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4172 wrote to memory of 2728	4172	66694f7dcb467cd242471f76c58bc236c458761d22bcb4682a07605e0d7bd384.exe	23
PID 4172 wrote to memory of 2728	4172	66694f7dcb467cd242471f76c58bc236c458761d22bcb4682a07605e0d7bd384.exe	23
PID 4172 wrote to memory of 2728	4172	66694f7dcb467cd242471f76c58bc236c458761d22bcb4682a07605e0d7bd384.exe	23
PID 2728 wrote to memory of 1928	2728	Cp9iY02.exe	21
PID 2728 wrote to memory of 1928	2728	Cp9iY02.exe	21
PID 2728 wrote to memory of 1928	2728	Cp9iY02.exe	21

C:\Users\Admin\AppData\Local\Temp\66694f7dcb467cd242471f76c58bc236c458761d22bcb4682a07605e0d7bd384.exe
"C:\Users\Admin\AppData\Local\Temp\66694f7dcb467cd242471f76c58bc236c458761d22bcb4682a07605e0d7bd384.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4172
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cp9iY02.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cp9iY02.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5VV5Ym9.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5VV5Ym9.exe
    3⤵
    PID:868
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell" Get-MpPreference -verbose
      4⤵
      PID:4144
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
      4⤵
      PID:2312
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
        5⤵
        Creates scheduled task(s)
        
        PID:5340
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
      4⤵
      PID:5392
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 3056
      4⤵
      Program crash
      PID:592
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6AZ0Oc7.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6AZ0Oc7.exe
  2⤵
  PID:4508
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 864
    3⤵
    - Program crash
    PID:2988

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2so0154.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2so0154.exe
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  PID:776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16643844743012907866,14455060422869790301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    3⤵
    PID:3736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16643844743012907866,14455060422869790301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    PID:3968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffb4d8f46f8,0x7ffb4d8f4708,0x7ffb4d8f4718
    3⤵
    PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
  2⤵
  PID:4552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,14313854002657794399,16035686188878552824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    PID:400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14313854002657794399,16035686188878552824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:3320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb4d8f46f8,0x7ffb4d8f4708,0x7ffb4d8f4718
    3⤵
    PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://facebook.com/login
  2⤵
  PID:4524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5256 /prefetch:8
    3⤵
    PID:5640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5452 /prefetch:8
    3⤵
    PID:1468
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6408 /prefetch:8
    3⤵
    PID:3176
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6408 /prefetch:8
    3⤵
    PID:2672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
    3⤵
    PID:5576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    3⤵
    PID:5548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
    3⤵
    PID:5296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
    3⤵
    PID:1352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
1⤵
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
1⤵
PID:1296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
1⤵
PID:5264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
1⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
1⤵
PID:5796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
1⤵
PID:2576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
1⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,7513812085757168121,11754998336586893516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
1⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb4d8f46f8,0x7ffb4d8f4708,0x7ffb4d8f4718
1⤵
PID:2176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x3c8
1⤵
PID:5992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5652

C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
1⤵
- Creates scheduled task(s)
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 868 -ip 868
1⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4508 -ip 4508
1⤵
PID:5628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8a1d28b5eda8ec0917a7e1796d3aa193

SHA1
5604a535bf3e5492b9bf3ade78ca7d463a4bfdb2

SHA256
dfaf6313fd293f6013f58fb6790fd38ca2f04931403267b7a6aef7bfa81d50bb

SHA512
51b5bec82ff9ffb45fee5c9dd1d51559c351253489ea83a66e290459975d8ca899cde4f3bb5afbaa7a3f0b169f87a7514d8df88baaeec5bd72d190fd6d3e041b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
70KB

MD5
d70e4e2891d8d055040775ac3f11fc98

SHA1
95de9f55f6b17c1898ab0e2204ac57acae5695e0

SHA256
a2853ac56a3146e42a4ba749734a63921187c03dd137e0e727ab817a5a4551f5

SHA512
d691f919b96755e22fbfd3667a45d80a0658fe1fa2c66b9629d6ed250c2524691d17b5bc866fda3efb09be119f42ae05189fc992c0b48824295d437ad72e8167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
624B

MD5
76dca7b99b8e6aeeac4b3da6ac211e93

SHA1
7b84941e621820aa9d37ee01025d95c46eb451c5

SHA256
017b9cec86365ba2f9ae848d03132c5af20c395850205a5e012562ac096bc504

SHA512
ce10a87d2e80fddad074fb92816d000d78a9e6f81029f082f5dd70746f0cbb7263bac3ac723709af7722dfdcdd74f10d652d10781d2019a83115d5f0e9127da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a518ec0584941a9b1f86bf3079b58e59

SHA1
f24207887294325b9ce6c28528c2eb2d4f31ce5f

SHA256
47f8cc9a929653ec32229de59744320cfef195d7b06cbc0b00e13ceaca0a75dc

SHA512
2df8915464793565489f2f9d938f8351480fb3490ee99a962aa6248522dc13ce69de79c6e9d0f408e9731698dc43d2cf295985ea114df96fc1ea4e496a19cbd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a257ea49cd17e53de222230c255ee012

SHA1
421d0a9ba2c64f53605a0313e7d3ae88bc5d5052

SHA256
fe06f8cc08244859d96f277bff79626b3846fdc10ef40226cfe57c78a1af49dc

SHA512
f950f5d4dee80692304a2cd159b881ffed355bca82aec892181e24850275132c43d01f7d633333268f8fc0caeecce7fce6df67b94bd766ad7c7e20994eb1155e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69ae1db148f25cf51e3a5fdf3d07189e

SHA1
2020082e7968211e9e7370b0b648440b4c045c30

SHA256
fc427d7392f5e06ea9a7241aad18c0367407d78a4e2d20815878628fa43cf3a9

SHA512
fe80ea5cc35d9831ca75508b7c9cc68d13c1b4c4a9685e76fa646c77353aef3bb6b3013660c4b8b8fecba7e68a72da51d2f97ffdee8a2509b8abc24c67002f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1ab040c5-615d-44c0-9323-b93aca01f1d9\index-dir\the-real-index

Filesize
2KB

MD5
8cfe598a4a12ce81a30147f04fafb811

SHA1
addc3866d4448354ef3c37610511feffdd28e523

SHA256
2662424a4e988190931dc613ad515fd85e78ebad4e882a7615eff3acb41fb0fc

SHA512
c13a3e171fc8ab68f89e811333ff7682f146a408766c80b68378d3939a0197d691b7168f8507dd119b3bc51484dd8bc3a38ca2d90f769260a54977571db0c341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
648431b9e9dcc674d32c30807b5ca93f

SHA1
73f0206918ec035bdda0f0781bb22e511844f986

SHA256
eabad0b868c938dd6649f9774c65bef838b40b759dd76d1e2d44a4dfd0411908

SHA512
1edf1cd71405a4a8f7007f4da83ae139762461f6e68d682377739a48c272f9df1b247d601df23dfed3ed8da17153a6f26e3f7c18a21674834ee63d886f49eedd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
1bbf47a8c0a31ae9a94f3991f6f2697b

SHA1
3734a7ca26f76b6c997b68e216232e3eb7aa6933

SHA256
9db4bb02a34f73a7b6e22974db2796e386d14e97209250564364621aa9a38880

SHA512
cc00dc1243684258f936866e2902f90f0dd7b1e3413c2299911a9c3a1708d5f3f583fe08d51106c86bd7e831517a9f491a7c47e52ec4e7ac92d5592dc7b2f084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
8186e086a2a28ede40a0e9111422c660

SHA1
6a8e26901998bd82f42b717458798ae26cfe52fe

SHA256
f8a52af22d62dae747d862bda07e8cb021cdbdd5aa41dfa47c6582a3f3073693

SHA512
4264c9616f56a360d4ab85cae8bdd063639bd1d842701d6e66ef62762d61db10ae4daa212293b21b115282193d78754e792bf1a1e97515c83798370b4c98c70a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
5680ce8bb925479ee6506acd42f4a37f

SHA1
a9cc0d667e55d92dce562aa5a6e505c1beef221b

SHA256
76b653324343475acd1371ab8f26f1c3f4167cad4567a993ad583d6f2e2a3f3f

SHA512
45220194ee02769b278b3d6cb35acafe3d69fbeb6f2157a8efff9f7b232559d5e4fb61fe523a80ea3ef78301976bce1fce989fbcea09cd1856bfc07365e89b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e01ff30b54d72c116a6ef884bcaa007e

SHA1
eb0d155d26fd16f2c0892b473b185300894152c4

SHA256
6cb03c8af23fb561151597f509a32caffb4fa5ec6a3bb20e3db1eb937e5964a6

SHA512
62c3873fb5b4cb2e610bc3ce84fde4051f7e194d9891fa105a92b3675c667f27d1e7971413eb76409e2f6b2e14fb4e755186d2d63d3aecd45b79033d62979c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bb61.TMP

Filesize
48B

MD5
ce0350630b21f2033c189525cb5b6098

SHA1
26d360adfad9665a74029408aa91098485cec443

SHA256
9d024308a2be4c2b0f9578ae3396512190c115e92193779d0bc8f7cdc0e0691d

SHA512
924ade6a247eb3e3117918e2c1cd4e1bda5b0c9a9f4533b1bac9c16af24f0ece7a578aeb8132dadbc70f5b0b610220704a166452bd387511dd1316ab317f25d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
445bb4b270c545c4fd525323e9b15147

SHA1
a72e062b86e4ff3e0e06ca211f2d42e0c2acac41

SHA256
9227c40d14a5c7d392c4a4d2c4b6762289551cbfbd11a1ec103c4f2284b2681f

SHA512
5816a9a1d4c5bf0641d6153ec6e2536f34524f4019fbbb16c94ae818a20e1a84b7815f8816ae309b8f08ae5de763cb429ab867a84e71cc264a5d039fff0d130b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1effe7a5726a4824e0a89b40c8464f62

SHA1
e1b1f9eb721025101cd354e36e69918aee682a36

SHA256
68a0ed70c82fee2f5358adc1828a14f8699759d2ea607f0b0f876d7591a055e4

SHA512
1f3dcbeb037667b834257641bca41f7e01f9f8e6c15f74bc21a132d009773e3deeb5b9721398394316555d8218fffdcb68c896cd0e9a39b4c396b9bfde7d49b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad95.TMP

Filesize
1KB

MD5
e1203bcee484012b2af3a4a65254dad9

SHA1
f1c7c0e70b5f0b1d1647caf461725821f939b822

SHA256
a478bec211764e0dbfeb9bb4028aae913dd7aa3a87f9c5ad27383884be4d51b8

SHA512
bf51d1b23eb2f1b3a5943ed64c2e6a4974d2ac8d94127e3e8817c640bf45b29bccb3d521928c79a19c2f025820ed0aeb1bdae2b557f23add7d8cc3a2333801da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
31KB

MD5
ccddc50db9790dea9e60615f40cf58f1

SHA1
64df82641aaa5c716f652631e60fd7727b949566

SHA256
18d75ddb9e745174e7b6999680f290bcac2cc6f70036c41347454ad8a781787a

SHA512
f8bfb7483b87e10e4d33238bf2a6ab629bbc2fda8b68d8c182291611d37e358ab5ef587eb35b61c48ecc4cf615ca2f0bef42daab4b017b14b63baa77b37c0643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
8fd220bbc534156b49f1b90dc4f7280d

SHA1
eda88ab3bbab15b7b310a1024eace08e604b3dca

SHA256
b167c6abbc02c5eb658c825b7d3397575000215fd891f0c047a3dc75fd2d137a

SHA512
c5df3c2d534fd16c1cdf1c6575faccb1b9b00432420ce1bc97fa12cd1be739496eb4d6483fdcb6d6c17b4c46a9e8d3e023e455fcdbc86cf8b8b84c0ca5d33b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e763ee27ca6d132ce702310feb23da35

SHA1
3aca981a07fb7934ce8a4bff5cae0050d44d3cb0

SHA256
1a784d4a9231bf33d32a79d3809c12dbfa8635828c32a19d5f781a6aa156142a

SHA512
4b7cf8ce399c710206accfec65c559c941e366de26bba358c1634dbad1f004d5be92e76149127564b12b7a72c76db92db50d8300078e1cb1ea145b141a46af7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\FANBooster131\FANBooster131.exe

Filesize
107KB

MD5
de7878cded4c826fc307d65416d4cc94

SHA1
09ad392ac618c093cd48d6901ef3f374b146fcba

SHA256
d2274e8085248b6dc666b89729c157d13b7e510481615e368dba564c95229fea

SHA512
361fe7bfe23d83bcbce285d8f973969bc666503bab84f9f5513c5c9ac67167626053635c277993b1ec043f62e9a99aa6dcfc0aab96d6fc0ad8594c20ab2a5d27

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6AZ0Oc7.exe

Filesize
62KB

MD5
193a18282d187074f1d40d5434a34cd2

SHA1
8314dac5778992aefc6a018aa5a6fb99ed9ef1a6

SHA256
a10dba9ce1a0fd5c36e3f589eb2a211152716a80474ed6a01953384e2ec39376

SHA512
4865b206097de1bd911eba72ec5ee93d6c79fd540ea7d4877b3428a4df1ff6066f7802877a149cea75eb8120d36eb3c0d354c4ffbcb677532429bc04c98c9e5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6AZ0Oc7.exe

Filesize
90KB

MD5
bd29e4651f20301e52015e58935ab89e

SHA1
0d9d33ed3364a62d67bc83c8e3858c975dd88d9a

SHA256
4fe8c2b140cdd0cbfc592a3fe3b1f0e83e218abf5793f0d84d4182b4fc6858a4

SHA512
bf3c27b43605efea404e9d2c016c734784b347be053c32444aa3b9e4bbf1d96e54c3e32595282005dc318107574c29000059b1d5fe18f46f949f28691e672ad4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cp9iY02.exe

Filesize
172KB

MD5
b457d21fb1307cb2101047ff53546989

SHA1
c8d584db0191bf48aba112c9944eae99d337a212

SHA256
3c7cf119d79370bd38fbfb696b793c090eeffced8e22ea37772d7b998918d997

SHA512
f181c4b118f0301e3bade71b3be02bab9b22db15b0d0a312eb277134ff2c2f3afe48d05d9b0c4d4a9407ef76d7221cd99218c92668dfb43366984f5a6e70c84d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cp9iY02.exe

Filesize
97KB

MD5
d9d06dbb55de7a4e855c26b1a8d020a9

SHA1
ffc545585a2228775212858ea6fee7937330e7af

SHA256
79c7ec9718a178e388c9eb2e84ad197c54fa8b63d291074606e26a2459b5c445

SHA512
f3cce66a8e5dd90109b41224fb7ad95b854b27fba56bb19042ee323fa15344e44df1d3067f76dbca22f63e324ca080a9f35531d0c8099f82f16a283a7f6a59c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2so0154.exe

Filesize
200KB

MD5
02ff6743ca3a5f24488b71abaec0b071

SHA1
795aca90fc58ab5fbb711387a2c4ddc28d6a72b3

SHA256
7ddb20a83c01f38cd152264df3af3d42a4af370448590206ff332a6610548acd

SHA512
388b165a376c5088acc2df6b63121186504866930ea0e5d150bacfa3e531624cf817a51d550105923620d8d6f1baaefe03aabe5050bf65652eb64e592a6f8b28

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2so0154.exe

Filesize
204KB

MD5
ac349c39e390079e350ac48ee1c5cc96

SHA1
dd6eb50053e31ab1fe1c1120582603a260967272

SHA256
0cf91efd3b82699277581c0351fa01a5b00c4753a1734d8ec3405b7e9931fd36

SHA512
7e98f0efa3b1be0e53651b04b7fbdb9698fe8302c872c896fb5f2b34234ded2fea159b56090582fe11f3513d43f25f83a1b6c6fb2c85bb018a4cea539dd637b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5VV5Ym9.exe

Filesize
131KB

MD5
eabe8c3e821b23a8a47319ecac966034

SHA1
4e34156c31053053997dfb81115c659e70fdc997

SHA256
496e08876229e290737ced73805e4c27a62ddf01025298dac06794fe7864c931

SHA512
18a5f1e913bbd35c753ccb332e0038d2003e42c523b3dcecdceba59cf8e16e61a58c7932679db52d51ed496c6e3df9c42bd27e00ebc5fa084efa2a37ee977274

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5VV5Ym9.exe

Filesize
96KB

MD5
402f6820eeb290a46fdad0060628c8fc

SHA1
b246be2f0ea0eb99f9e63c9ca4ad60b6f450ad85

SHA256
cb1c0b368a401e61df9b47b4b55b7081e9aa8df06bf70050e42097a2f5c4a9c5

SHA512
1bf49f66f36999b074e61ad9d70a7f7a680486e63aafec8eefd7e4a9525475e863b347a8437ba2aece5d5a800308794855b43f93557a8b12d1a933a2baf40477

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1aoogg4d.elb.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tempAVS4Iq1tLSVL715\KkICLij5smNDWeb Data

Filesize
27KB

MD5
9f23ea057d11166646492fb2bdfc1208

SHA1
ea846b804f8deca214cb1bc816c4583bf4959452

SHA256
686a851bc33e1d693594261162bbfe0458d6725d04253821d284cca3ca70c92d

SHA512
f8a9ef38f305d424016bb2014f776b6220952a5bb2ff5ba6125521cd9642f9bb318ff8054a91c26e5c4272fa66bd670f6010e2834b408c0d3119412426d0dc12

Download Submit
C:\Users\Admin\AppData\Local\Temp\tempAVS4Iq1tLSVL715\m8nnL7xYNu7eWeb Data

Filesize
42KB

MD5
cb55ba1b3e4be19535ad6c34c379874f

SHA1
b9708ec45c3d9c91ff92032bd76777a14f760d8b

SHA256
e01082471e1b53323562104bc9a37c5997c31453fefde376c63ddfba08616ead

SHA512
3138ccbd98f598b1e20160f82fb478abee52a4abd44acf4f5e20ac52c8eb7d30241878e058e3ca6a07308d392ac62a81850e6c384b1491c64d27d8a2d476dea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tempAVS4Iq1tLSVL715\sqlite3.dll

Filesize
78KB

MD5
2ce2266b2496c96796b9b632c0365d97

SHA1
cadcfd2e63fce94be9de075600ec763a377a4e40

SHA256
ac18a255465be6a3e944a8bc17c48032cbd08f60a121f43098637e8983d3b93c

SHA512
499de466a31d59aa65af1af4d93ab4e8128aa42465901e65770db95b3c889f3cc2a44e35704fc6eb5c9a4210ce060f8e22b464c285eecbb502404ec21c41edcf

Download Submit
memory/868-564-0x0000000000090000-0x00000000004EE000-memory.dmp

Filesize
4.4MB

Download
memory/868-38-0x0000000000090000-0x00000000004EE000-memory.dmp

Filesize
4.4MB

Download
memory/868-56-0x0000000008330000-0x00000000083A6000-memory.dmp

Filesize
472KB

Download
memory/868-409-0x0000000000090000-0x00000000004EE000-memory.dmp

Filesize
4.4MB

Download
memory/868-27-0x0000000000090000-0x00000000004EE000-memory.dmp

Filesize
4.4MB

Download
memory/868-476-0x0000000009390000-0x00000000093AE000-memory.dmp

Filesize
120KB

Download
memory/868-477-0x000000000A330000-0x000000000A684000-memory.dmp

Filesize
3.3MB

Download
memory/868-546-0x0000000000090000-0x00000000004EE000-memory.dmp

Filesize
4.4MB

Download
memory/868-541-0x0000000000090000-0x00000000004EE000-memory.dmp

Filesize
4.4MB

Download
memory/4144-109-0x0000000005E50000-0x00000000061A4000-memory.dmp

Filesize
3.3MB

Download
memory/4144-131-0x00000000705B0000-0x00000000705FC000-memory.dmp

Filesize
304KB

Download
memory/4144-206-0x0000000007970000-0x0000000007978000-memory.dmp

Filesize
32KB

Download
memory/4144-205-0x0000000007990000-0x00000000079AA000-memory.dmp

Filesize
104KB

Download
memory/4144-204-0x0000000007890000-0x00000000078A4000-memory.dmp

Filesize
80KB

Download
memory/4144-203-0x0000000007880000-0x000000000788E000-memory.dmp

Filesize
56KB

Download
memory/4144-163-0x0000000007850000-0x0000000007861000-memory.dmp

Filesize
68KB

Download
memory/4144-162-0x00000000078D0000-0x0000000007966000-memory.dmp

Filesize
600KB

Download
memory/4144-155-0x00000000076C0000-0x00000000076CA000-memory.dmp

Filesize
40KB

Download
memory/4144-145-0x0000000007440000-0x000000000745A000-memory.dmp

Filesize
104KB

Download
memory/4144-144-0x0000000007D00000-0x000000000837A000-memory.dmp

Filesize
6.5MB

Download
memory/4144-129-0x00000000068F0000-0x0000000006922000-memory.dmp

Filesize
200KB

Download
memory/4144-141-0x00000000068B0000-0x00000000068CE000-memory.dmp

Filesize
120KB

Download
memory/4144-143-0x00000000072E0000-0x0000000007383000-memory.dmp

Filesize
652KB

Download
memory/4144-142-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/4144-222-0x0000000073F20000-0x00000000746D0000-memory.dmp

Filesize
7.7MB

Download
memory/4144-130-0x000000007FC50000-0x000000007FC60000-memory.dmp

Filesize
64KB

Download
memory/4144-111-0x0000000006360000-0x00000000063AC000-memory.dmp

Filesize
304KB

Download
memory/4144-110-0x0000000006320000-0x000000000633E000-memory.dmp

Filesize
120KB

Download
memory/4144-91-0x0000000004D70000-0x0000000004DA6000-memory.dmp

Filesize
216KB

Download
memory/4144-90-0x0000000073F20000-0x00000000746D0000-memory.dmp

Filesize
7.7MB

Download
memory/4144-93-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/4144-92-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/4144-96-0x0000000005BC0000-0x0000000005C26000-memory.dmp

Filesize
408KB

Download
memory/4144-94-0x00000000053E0000-0x0000000005A08000-memory.dmp

Filesize
6.2MB

Download
memory/4144-95-0x0000000005360000-0x0000000005382000-memory.dmp

Filesize
136KB

Download
memory/4144-102-0x0000000005CE0000-0x0000000005D46000-memory.dmp

Filesize
408KB

Download
memory/4508-581-0x0000000000400000-0x0000000000892000-memory.dmp

Filesize
4.6MB

Download
memory/4508-569-0x0000000000A30000-0x0000000000B30000-memory.dmp

Filesize
1024KB

Download
memory/4508-580-0x0000000000400000-0x0000000000892000-memory.dmp

Filesize
4.6MB

Download
memory/4508-570-0x0000000002650000-0x00000000026CC000-memory.dmp

Filesize
496KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads