a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
Size

26KB
MD5

b1d285f2920b52df533cefca953e7ef9
SHA1

0736764baa53aa8f8543784d481c2b0fe2ce3767
SHA256

a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce
SHA512

dfac344861eaddca3bcab60fb8304a559250cfeb598a8c768fa6461396c238f6ec579b8257461b5e7981c59ca59d6818f810ae8d00b8e2baab4dce3df2bc6da5
SSDEEP

768:bf1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:bNfgLdQAQfcfymN

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\T:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\J:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\G:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\E:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\W:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\Y:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\X:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\M:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\L:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\K:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\I:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\Z:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\Q:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\P:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\O:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\H:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\R:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\S:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\N:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened (read-only)	\??\V:	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Basic\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Windows Sidebar\en-US\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files (x86)\Microsoft Office\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mr\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\fr-FR\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Java\jre7\lib\jfr\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\ja-JP\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Microsoft Games\More Games\de-DE\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cy\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ja-JP\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Java\jre7\lib\applet\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\_desktop.ini	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1704	1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe	28
PID 1600 wrote to memory of 1704	1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe	28
PID 1600 wrote to memory of 1704	1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe	28
PID 1600 wrote to memory of 1704	1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe	28
PID 1704 wrote to memory of 2516	1704	net.exe	30
PID 1704 wrote to memory of 2516	1704	net.exe	30
PID 1704 wrote to memory of 2516	1704	net.exe	30
PID 1704 wrote to memory of 2516	1704	net.exe	30
PID 1600 wrote to memory of 1088	1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe	18
PID 1600 wrote to memory of 1088	1600	a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe	18

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1088
- C:\Users\Admin\AppData\Local\Temp\a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe
  "C:\Users\Admin\AppData\Local\Temp\a1b1b79cb55fe601685b4c8cef29ff05d2e27e5dda9b9bd9d92b5258790dd1ce.exe"
  2⤵
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1600
- - C:\Windows\SysWOW64\net.exe
    net stop "Kingsoft AntiVirus Service"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1704
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      4⤵
      PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
10e927db6aae50e89fcb4d441d9e27e1

SHA1
6a2250c03aba8fe7a9c388742db5ac4e473fa178

SHA256
a68e60f5bc35fdb50525110f44ad636498278629d38a3854369e9a93ed70ee19

SHA512
1d6c8b2d48403d037fc31ffeee690ca956ed8595671e1400c8dad69347ac0749d94498b00feec325575d98d300c0694d0083ca7e2e72a124ff45e9f74dd09227

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
956KB

MD5
4e0ff1a33ed3565a46a65ac80afb614a

SHA1
e7640d9a00e5252475d8a3f9b7c8bb6378689aa9

SHA256
9b32295d784a2c44949b5be7f34867a0bc53d29b16b5bd305362fbd1c85302ed

SHA512
e3d14027d330828cb85fbd3e1683404175d5e91347f65cf84db1a692295f1bb09213a96d21b63a47b29c7f3c4e38eb750a02cdac8fd4be1e23825565bfb209fc

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2248906074-2862704502-246302768-1000\_desktop.ini

Filesize
9B

MD5
95b3e5fe04e8423c49a7f69a5d13771f

SHA1
615b63fb8bf07dbb0565ffd492067309645064c9

SHA256
1663db9b496c87701f6c8f6721e92994ffdd747f949ab1070fd844c4d63fb916

SHA512
d9a0d342e84c32d4c0aee97be7b9a102963d1aeab7edd87b080548f7dd144d851c558e6706bec441534d8e188938655c2b551e358d342309677511404a34ce81

Download Submit
memory/1088-5-0x0000000003060000-0x0000000003061000-memory.dmp

Filesize
4KB

Download
memory/1600-66-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1600-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1600-72-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1600-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1600-650-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1600-1825-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1600-14-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1600-2335-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1600-3285-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1600-7-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download