44358c2aef7d41aa55758d909041c9b1a3ae050c44466dadada33bdffdda34aa

Analysis

max time kernel
140s
max time network
144s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
23/02/2024, 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.gamingroot
Size

28B
MD5

4e2042aabd9ff2d19007754d03b09229
SHA1

a8bb3f9491ee357df22e000cb2b380def473a8cb
SHA256

44358c2aef7d41aa55758d909041c9b1a3ae050c44466dadada33bdffdda34aa
SHA512

0d24fe92daf9396a52ac22e309af94e4f8cdf73d5807fa199e1ccd774d61fd24ba79fbf89fbfa6cd3d1a24bd17615e0fdfdd0cdc32fa92a303b2eff09a7be511

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
2016	Winword.exe
2016	Winword.exe
3256	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
3416	OpenWith.exe
1136	OpenWith.exe
2348	OpenWith.exe
3256	OpenWith.exe
3916	OpenWith.exe
3256	vlc.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2644	firefox.exe
Token: SeDebugPrivilege	2644	firefox.exe
Token: SeDebugPrivilege	2644	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe
3256	vlc.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
1136	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 4696	3416	OpenWith.exe	80
PID 3416 wrote to memory of 4696	3416	OpenWith.exe	80
PID 4696 wrote to memory of 2644	4696	firefox.exe	83
PID 4696 wrote to memory of 2644	4696	firefox.exe	83
PID 4696 wrote to memory of 2644	4696	firefox.exe	83
PID 4696 wrote to memory of 2644	4696	firefox.exe	83
PID 4696 wrote to memory of 2644	4696	firefox.exe	83
PID 4696 wrote to memory of 2644	4696	firefox.exe	83
PID 4696 wrote to memory of 2644	4696	firefox.exe	83
PID 4696 wrote to memory of 2644	4696	firefox.exe	83
PID 4696 wrote to memory of 2644	4696	firefox.exe	83
PID 4696 wrote to memory of 2644	4696	firefox.exe	83
PID 4696 wrote to memory of 2644	4696	firefox.exe	83
PID 2644 wrote to memory of 396	2644	firefox.exe	84
PID 2644 wrote to memory of 396	2644	firefox.exe	84
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 4108	2644	firefox.exe	85
PID 2644 wrote to memory of 2480	2644	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\.gamingroot
1⤵
- Modifies registry class
PID:3624

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\.gamingroot"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\.gamingroot
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.0.1541148521\510965009" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1796 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07231c92-4a8b-4bb6-b5c0-80a8e2d05f89} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 1904 20e92ef0758 gpu
      4⤵
      PID:396
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.1.1708789991\1757511021" -parentBuildID 20221007134813 -prefsHandle 2272 -prefMapHandle 2260 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f05eab59-eed5-4503-822d-3f391700874a} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 2300 20e86e73258 socket
      4⤵
      Checks processor information in registry
      PID:4108
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.2.1404184586\1399422299" -childID 1 -isForBrowser -prefsHandle 3312 -prefMapHandle 3308 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3653d985-8355-40b9-ad53-5e7b69a27302} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 3320 20e98242958 tab
      4⤵
      PID:2480
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.3.655111486\1708183946" -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8ca3c3e-eaa2-4618-a99c-734d40a382e4} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 3508 20e86e62058 tab
      4⤵
      PID:1072
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.6.1533289182\526809906" -childID 5 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 26298 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {093f448f-faa7-4ae0-9bc7-6f1565d0d602} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 5384 20e9ae41558 tab
      4⤵
      PID:3476
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.5.1636821568\867916969" -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 26298 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef78440f-dfa8-4292-ab10-25bd48f40797} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 5192 20e9ae3ee58 tab
      4⤵
      PID:2992
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.4.858068843\257495542" -childID 3 -isForBrowser -prefsHandle 5068 -prefMapHandle 4424 -prefsLen 26298 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cec87e02-82d8-4e2f-a715-bda1e4df5847} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 5048 20e9ae27658 tab
      4⤵
      PID:4604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1136
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\index.gamingroot"
  2⤵
  PID:4556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\index.gamingroot
    3⤵
    - Checks processor information in registry
    PID:412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2348
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\index.gamingroot"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  PID:4872
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:2400
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=94BC416DCE3FFED4BF57B6210259DB1B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=94BC416DCE3FFED4BF57B6210259DB1B --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:3140
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EC6614798D6383CC4FC7E481FC328B68 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4232
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=141042B0B3D8A0FE8F7C17D5BB141B5A --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3844
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5544636A9B2E419274B4736811F92637 --mojo-platform-channel-handle=2120 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:1336
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DBC01922B253CDFAF7CF916CF7B2DF73 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:412

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4940

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:3256
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\index.gamingroot"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  PID:2016

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:3916
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\index.gamingroot"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
231B

MD5
9d15d23d21935aea0119457de3068bcc

SHA1
e4244c24f817f08e57dec7e4c016aadbfbedf843

SHA256
a2d2cb6c3fd2a7fc965c6abb0740ec8de38c4bf3b60c0c662be76fd71e9c35ce

SHA512
b24a918783b997b1ba966c221dee991bf0605baebc3f993a2cc5410fe65a322efdd58dabbcb5e57a39cf6c4e9cbce2c08bba16e954dfd1a93e3a5db0997d78b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
1784a5f8b8d618000c64e324f93ca9ff

SHA1
48a6cd45ca66fbc3d7d1e54da879b3d6c46f113c

SHA256
b2aba28abca24d9442fec7723eb7f5771ae78d0b749a0d701fcdbe2d236d7c30

SHA512
4ffb17369c8361099b77a267f5809994fc271c97b96ce01b6b1b4699c63a1137db3e8defbd3c6edd5a4429ee27cb1979853ea8337fd786840f981c5bfd01f1e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\datareporting\glean\pending_pings\61f40651-2ec0-4ea4-830c-b04bd80ab4ae

Filesize
11KB

MD5
6564e6745eefa27b0c56cfad075f40c6

SHA1
510844f6a92b5254bcb1b4f28614530119bfff67

SHA256
b88dce67327a624f124f423fcfdfcd0c146ddb482102f8568c4d9abcff75207d

SHA512
87a1b51fee269119d4e05523f9e84f589a21323521613fd521c90334d750b2e76263410d24459935a410eff6440b587266a036d321a4dc06e9cc1966f578afb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\datareporting\glean\pending_pings\9b99fc80-0a6b-495c-8761-cd3c30a63768

Filesize
746B

MD5
7170c8078dcd3bc701afcbdd231c3f71

SHA1
f13cfd797640d217389651a365111cd3f4fce8f0

SHA256
af233e592435402351bb01c10852aa03b9f15fd5d07f3cf7c848f08f717ea0e5

SHA512
7d86b0ec5633908a0b3cf6bcf31841f582161d13aad259087080d683819597a9a52f10a12cb6a83055dcf5ca8bd208a3e7e4c15ed8d9ccab779ef826e2af4083

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\prefs-1.js

Filesize
6KB

MD5
637567a6feed579a1e0fb76f5409c830

SHA1
26a7c25b16b800a5f89fc2cd0cded221671b4f49

SHA256
a2ff945753ba25c10869f5440b2867f2613bb813f767d10a8f47709b42c49a5b

SHA512
757214b96a4eb249b969804945b6c1f8c731b76bd1d2c21ce0223091cde74836a5390a07a3613fb9644b55b30b29ddb8fe5553c7edd4f9bc3dc218767c99ebbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
4529533fcb0bb824805827dd1903a2a4

SHA1
8d8bba35bddf33b01bb9aacb3bc483083f246325

SHA256
c39d023dcdee77695d1734d265624d3fffa69d6309d238ea8b2f8dfcc9b3c317

SHA512
58d136b2ce2231aecfa6088c946237644beb39557c9dc0f84d88c4ab00b699fdd6d9f11c23957c777f4b2cfe6729eaf5831a61d7a8fd60a2cfbf1cd5f0011a5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bcc42ff47e5e941fa0c7e2792f3e4792

SHA1
320d8b9ea2bfc4c98be4c8f08970299ff14062b1

SHA256
7ae2aa20c10564f8fa9d238e9827269ca39c4803855d77acaf663de94eeedb75

SHA512
55ea525deff19e75d19a02c9c0370de47a42346150011244b0c8501f2ceb84dbcb90281067c503f9480eb23e2989bf7c10a75620d8733f59d452f32f752dec0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\sessionstore.jsonlz4

Filesize
728B

MD5
0638c8008bb80a0459723f52e1595d7c

SHA1
5843bbd2477e9acd05bdba51ad9019ec60daee8e

SHA256
b30f573c65c7f35a2ef98ed7ae554773da7455cbc1d55ddbd48e06d5b13170aa

SHA512
32f3ec0cc421cb5f4003dbdbd9b3328ed973001a609cb4351a1e7942dc49217f8b3ca30afc26139c648138cb28a13e0ae2e55913aaf6de2fd63a4fd6f550ed4f

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
79B

MD5
d747c6cb8d4cda3fa6e90f853d17fbb4

SHA1
c79f91801cefb6e39a478456e0bdac96576ab8d4

SHA256
47bf47c6533dbcb98484117975fb702b4fd9037f850b849b2df3012daa8c28ad

SHA512
b2785c5fb0677dd677ebd0f2ca81c40cc2e2798c100749b064763868ce48860a6877acc8a4391919752666d6acb0597ca761357c5a433ff1d2a6a1eac41c23ba

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
03f039bb2dfd8a0ed44760130e10f9f6

SHA1
956d86918c06912fe41c06735cfe3706f721ea96

SHA256
a1685834a0a99bd1d94eac822ab16fec9f2676098ad7b71423bc71d4bb7873c5

SHA512
85fdbc7db2932a269998aa86b8e4ecb75e346a8414f118299417317ac49119ec3ac88212669141af02e1cc63a0e7bfef2473f3e50d170cddb08dcac8bb565abd

Download Submit
C:\Users\Admin\Downloads\mSjduybP.part

Filesize
28B

MD5
4e2042aabd9ff2d19007754d03b09229

SHA1
a8bb3f9491ee357df22e000cb2b380def473a8cb

SHA256
44358c2aef7d41aa55758d909041c9b1a3ae050c44466dadada33bdffdda34aa

SHA512
0d24fe92daf9396a52ac22e309af94e4f8cdf73d5807fa199e1ccd774d61fd24ba79fbf89fbfa6cd3d1a24bd17615e0fdfdd0cdc32fa92a303b2eff09a7be511

Download Submit
memory/2016-183-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-192-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-179-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-175-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2016-173-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2016-180-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-181-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-182-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-177-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2016-185-0x00007FF97BED0000-0x00007FF97BEE0000-memory.dmp

Filesize
64KB

Download
memory/2016-186-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-187-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-188-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-190-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-191-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-176-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-195-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-194-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-196-0x00007FF9BC780000-0x00007FF9BC83D000-memory.dmp

Filesize
756KB

Download
memory/2016-193-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-189-0x00007FF97BED0000-0x00007FF97BEE0000-memory.dmp

Filesize
64KB

Download
memory/2016-184-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-228-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2016-229-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2016-230-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2016-231-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2016-233-0x00007FF9BC780000-0x00007FF9BC83D000-memory.dmp

Filesize
756KB

Download
memory/2016-232-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-178-0x00007FF9BE0E0000-0x00007FF9BE2E9000-memory.dmp

Filesize
2.0MB

Download
memory/2016-174-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/2016-172-0x00007FF97E170000-0x00007FF97E180000-memory.dmp

Filesize
64KB

Download
memory/3256-257-0x00007FF99DB70000-0x00007FF99DB87000-memory.dmp

Filesize
92KB

Download
memory/3256-299-0x00007FF999910000-0x00007FF999921000-memory.dmp

Filesize
68KB

Download
memory/3256-258-0x00007FF99B930000-0x00007FF99B941000-memory.dmp

Filesize
68KB

Download
memory/3256-260-0x00007FF99B8F0000-0x00007FF99B901000-memory.dmp

Filesize
68KB

Download
memory/3256-263-0x000001A4CF870000-0x000001A4D091B000-memory.dmp

Filesize
16.7MB

Download
memory/3256-271-0x00007FF99A4F0000-0x00007FF99A508000-memory.dmp

Filesize
96KB

Download
memory/3256-274-0x00007FF99A3E0000-0x00007FF99A44F000-memory.dmp

Filesize
444KB

Download
memory/3256-277-0x00007FF99A330000-0x00007FF99A358000-memory.dmp

Filesize
160KB

Download
memory/3256-278-0x00007FF99A300000-0x00007FF99A324000-memory.dmp

Filesize
144KB

Download
memory/3256-281-0x00007FF99A290000-0x00007FF99A2A1000-memory.dmp

Filesize
68KB

Download
memory/3256-282-0x00007FF99A270000-0x00007FF99A282000-memory.dmp

Filesize
72KB

Download
memory/3256-280-0x00007FF99A2B0000-0x00007FF99A2D3000-memory.dmp

Filesize
140KB

Download
memory/3256-283-0x00007FF99A240000-0x00007FF99A261000-memory.dmp

Filesize
132KB

Download
memory/3256-285-0x00007FF99A200000-0x00007FF99A212000-memory.dmp

Filesize
72KB

Download
memory/3256-284-0x00007FF99A220000-0x00007FF99A233000-memory.dmp

Filesize
76KB

Download
memory/3256-286-0x00007FF99A0C0000-0x00007FF99A1FB000-memory.dmp

Filesize
1.2MB

Download
memory/3256-287-0x00007FF99A090000-0x00007FF99A0BC000-memory.dmp

Filesize
176KB

Download
memory/3256-279-0x00007FF99A2E0000-0x00007FF99A2F7000-memory.dmp

Filesize
92KB

Download
memory/3256-291-0x00007FF999DB0000-0x00007FF999E47000-memory.dmp

Filesize
604KB

Download
memory/3256-293-0x00007FF999B50000-0x00007FF999D81000-memory.dmp

Filesize
2.2MB

Download
memory/3256-294-0x00007FF999A30000-0x00007FF999B42000-memory.dmp

Filesize
1.1MB

Download
memory/3256-295-0x00007FF9999F0000-0x00007FF999A25000-memory.dmp

Filesize
212KB

Download
memory/3256-296-0x00007FF9999C0000-0x00007FF9999E5000-memory.dmp

Filesize
148KB

Download
memory/3256-298-0x00007FF999930000-0x00007FF999991000-memory.dmp

Filesize
388KB

Download
memory/3256-297-0x00007FF9999A0000-0x00007FF9999B1000-memory.dmp

Filesize
68KB

Download
memory/3256-259-0x00007FF99B910000-0x00007FF99B92D000-memory.dmp

Filesize
116KB

Download
memory/3256-300-0x00007FF9998F0000-0x00007FF999902000-memory.dmp

Filesize
72KB

Download
memory/3256-292-0x00007FF999D90000-0x00007FF999DA2000-memory.dmp

Filesize
72KB

Download
memory/3256-302-0x00007FF999830000-0x00007FF9998CF000-memory.dmp

Filesize
636KB

Download
memory/3256-301-0x00007FF9998D0000-0x00007FF9998E3000-memory.dmp

Filesize
76KB

Download
memory/3256-290-0x00007FF999E50000-0x00007FF999E61000-memory.dmp

Filesize
68KB

Download
memory/3256-288-0x00007FF999ED0000-0x00007FF99A082000-memory.dmp

Filesize
1.7MB

Download
memory/3256-289-0x00007FF999E70000-0x00007FF999ECC000-memory.dmp

Filesize
368KB

Download
memory/3256-275-0x00007FF99A3C0000-0x00007FF99A3D1000-memory.dmp

Filesize
68KB

Download
memory/3256-276-0x00007FF99A360000-0x00007FF99A3B6000-memory.dmp

Filesize
344KB

Download
memory/3256-273-0x00007FF99A450000-0x00007FF99A4B7000-memory.dmp

Filesize
412KB

Download
memory/3256-272-0x00007FF99A4C0000-0x00007FF99A4F0000-memory.dmp

Filesize
192KB

Download
memory/3256-270-0x00007FF99A510000-0x00007FF99A521000-memory.dmp

Filesize
68KB

Download
memory/3256-269-0x00007FF99A530000-0x00007FF99A54B000-memory.dmp

Filesize
108KB

Download
memory/3256-268-0x00007FF99A550000-0x00007FF99A561000-memory.dmp

Filesize
68KB

Download
memory/3256-267-0x00007FF99A570000-0x00007FF99A581000-memory.dmp

Filesize
68KB

Download
memory/3256-266-0x00007FF99A590000-0x00007FF99A5A1000-memory.dmp

Filesize
68KB

Download
memory/3256-265-0x00007FF99A5B0000-0x00007FF99A5C8000-memory.dmp

Filesize
96KB

Download
memory/3256-264-0x00007FF99A5D0000-0x00007FF99A5F1000-memory.dmp

Filesize
132KB

Download
memory/3256-256-0x00007FF99DB90000-0x00007FF99DBA1000-memory.dmp

Filesize
68KB

Download
memory/3256-255-0x00007FF9A3690000-0x00007FF9A36A7000-memory.dmp

Filesize
92KB

Download
memory/3256-254-0x00007FF9A89A0000-0x00007FF9A89B8000-memory.dmp

Filesize
96KB

Download
memory/3256-262-0x00007FF99B6B0000-0x00007FF99B6EF000-memory.dmp

Filesize
252KB

Download
memory/3256-261-0x00007FF99B6F0000-0x00007FF99B8F0000-memory.dmp

Filesize
2.0MB

Download
memory/3256-253-0x00007FF99B950000-0x00007FF99BC04000-memory.dmp

Filesize
2.7MB

Download
memory/3256-251-0x00007FF63A3F0000-0x00007FF63A4E8000-memory.dmp

Filesize
992KB

Download
memory/3256-252-0x00007FF9A3620000-0x00007FF9A3654000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads