description	ioc	Process
File created	C:\Windows\system32\czmG\TpmInit.exe	cmd.exe
File opened for modification	C:\Windows\system32\czmG\TpmInit.exe	cmd.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\MSCFile\shell	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\MSCFile\shell\open\command	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\MSCFile\shell\open	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\MSCFile\shell\open\command	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\MSCFile	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\MSCFile\shell\open	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\MSCFile\shell\open\command\ = "C:\\Windows\\system32\\cmd.exe /c C:\\Users\\Admin\\AppData\\Local\\Temp\\pFPKOn3.cmd"	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\MSCFile\shell	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\MSCFile	Process not Found

pid	Process
2604	rundll32.exe
2604	rundll32.exe
2604	rundll32.exe
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found
1132	Process not Found

description	pid	Process	procid_target
PID 1132 wrote to memory of 2444	1132	Process not Found	28
PID 1132 wrote to memory of 2444	1132	Process not Found	28
PID 1132 wrote to memory of 2444	1132	Process not Found	28
PID 1132 wrote to memory of 2532	1132	Process not Found	29
PID 1132 wrote to memory of 2532	1132	Process not Found	29
PID 1132 wrote to memory of 2532	1132	Process not Found	29
PID 1132 wrote to memory of 2300	1132	Process not Found	31
PID 1132 wrote to memory of 2300	1132	Process not Found	31
PID 1132 wrote to memory of 2300	1132	Process not Found	31
PID 1132 wrote to memory of 1564	1132	Process not Found	32
PID 1132 wrote to memory of 1564	1132	Process not Found	32
PID 1132 wrote to memory of 1564	1132	Process not Found	32
PID 1132 wrote to memory of 2196	1132	Process not Found	34
PID 1132 wrote to memory of 2196	1132	Process not Found	34
PID 1132 wrote to memory of 2196	1132	Process not Found	34
PID 2196 wrote to memory of 304	2196	eventvwr.exe	35
PID 2196 wrote to memory of 304	2196	eventvwr.exe	35
PID 2196 wrote to memory of 304	2196	eventvwr.exe	35
PID 304 wrote to memory of 1672	304	cmd.exe	37
PID 304 wrote to memory of 1672	304	cmd.exe	37
PID 304 wrote to memory of 1672	304	cmd.exe	37
PID 1132 wrote to memory of 592	1132	Process not Found	40
PID 1132 wrote to memory of 592	1132	Process not Found	40
PID 1132 wrote to memory of 592	1132	Process not Found	40
PID 592 wrote to memory of 984	592	cmd.exe	42
PID 592 wrote to memory of 984	592	cmd.exe	42
PID 592 wrote to memory of 984	592	cmd.exe	42
PID 1132 wrote to memory of 1280	1132	Process not Found	43
PID 1132 wrote to memory of 1280	1132	Process not Found	43
PID 1132 wrote to memory of 1280	1132	Process not Found	43
PID 1280 wrote to memory of 3052	1280	cmd.exe	45
PID 1280 wrote to memory of 3052	1280	cmd.exe	45
PID 1280 wrote to memory of 3052	1280	cmd.exe	45
PID 1132 wrote to memory of 2772	1132	Process not Found	46
PID 1132 wrote to memory of 2772	1132	Process not Found	46
PID 1132 wrote to memory of 2772	1132	Process not Found	46
PID 2772 wrote to memory of 2144	2772	cmd.exe	48
PID 2772 wrote to memory of 2144	2772	cmd.exe	48
PID 2772 wrote to memory of 2144	2772	cmd.exe	48
PID 1132 wrote to memory of 2368	1132	Process not Found	49
PID 1132 wrote to memory of 2368	1132	Process not Found	49
PID 1132 wrote to memory of 2368	1132	Process not Found	49
PID 2368 wrote to memory of 2692	2368	cmd.exe	51
PID 2368 wrote to memory of 2692	2368	cmd.exe	51
PID 2368 wrote to memory of 2692	2368	cmd.exe	51
PID 1132 wrote to memory of 2880	1132	Process not Found	52
PID 1132 wrote to memory of 2880	1132	Process not Found	52
PID 1132 wrote to memory of 2880	1132	Process not Found	52
PID 2880 wrote to memory of 1716	2880	cmd.exe	54
PID 2880 wrote to memory of 1716	2880	cmd.exe	54
PID 2880 wrote to memory of 1716	2880	cmd.exe	54
PID 1132 wrote to memory of 2224	1132	Process not Found	55
PID 1132 wrote to memory of 2224	1132	Process not Found	55
PID 1132 wrote to memory of 2224	1132	Process not Found	55
PID 2224 wrote to memory of 1260	2224	cmd.exe	57
PID 2224 wrote to memory of 1260	2224	cmd.exe	57
PID 2224 wrote to memory of 1260	2224	cmd.exe	57

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads