pid	Process
208	Chrome.exe
3848	Chrome.exe
4548	Chrome.exe
164	Chrome.exe
652	Chrome.exe
4400	Chrome.exe
2264	Chrome.exe
4408	Chrome.exe
3360	Chrome.exe
3568	Chrome.exe
1308	Chrome.exe
4236	Chrome.exe
5112	Chrome.exe
2284	Chrome.exe
4220	Chrome.exe
2292	Chrome.exe
2720	Chrome.exe
4164	Chrome.exe
4644	Chrome.exe
2584	Chrome.exe
3316	Chrome.exe
524	Chrome.exe
860	Chrome.exe
4072	Chrome.exe
3160	Chrome.exe
4420	Chrome.exe
4140	Chrome.exe
224	Chrome.exe
356	Chrome.exe
780	Chrome.exe
3700	Chrome.exe
4812	Chrome.exe
2460	Chrome.exe
1988	Chrome.exe
2316	Chrome.exe
2476	Chrome.exe
4376	Chrome.exe
5060	Chrome.exe
1932	Chrome.exe
1832	Chrome.exe
4996	Chrome.exe
2320	Chrome.exe
600	Chrome.exe
748	Chrome.exe
3552	Chrome.exe
3672	Chrome.exe
4648	Chrome.exe
4296	Chrome.exe
708	Chrome.exe
4896	Chrome.exe
4272	Chrome.exe
3320	Chrome.exe
3904	Chrome.exe
200	Chrome.exe
1568	Chrome.exe
1080	Chrome.exe
2108	Chrome.exe
1688	Chrome.exe
2496	Chrome.exe
1404	Chrome.exe
4376	Chrome.exe
4544	Chrome.exe
2056	Chrome.exe
4560	Chrome.exe

description	pid	Process	procid_target
PID 208 set thread context of 4548	208	Chrome.exe	79
PID 3848 set thread context of 164	3848	Chrome.exe	78
PID 652 set thread context of 4400	652	Chrome.exe	82
PID 2264 set thread context of 4408	2264	Chrome.exe	86
PID 3360 set thread context of 3568	3360	Chrome.exe	90
PID 1308 set thread context of 4236	1308	Chrome.exe	94
PID 5112 set thread context of 2284	5112	Chrome.exe	101
PID 4220 set thread context of 2292	4220	Chrome.exe	104
PID 2720 set thread context of 4164	2720	Chrome.exe	107
PID 4644 set thread context of 2584	4644	Chrome.exe	110
PID 3316 set thread context of 524	3316	Chrome.exe	113
PID 860 set thread context of 4072	860	Chrome.exe	116
PID 3160 set thread context of 4420	3160	Chrome.exe	120
PID 4140 set thread context of 224	4140	Chrome.exe	123
PID 356 set thread context of 780	356	Chrome.exe	126
PID 3700 set thread context of 4812	3700	Chrome.exe	130
PID 2460 set thread context of 1988	2460	Chrome.exe	133
PID 2316 set thread context of 2476	2316	Chrome.exe	136
PID 4376 set thread context of 5060	4376	Chrome.exe	139
PID 1932 set thread context of 1832	1932	Chrome.exe	143
PID 4996 set thread context of 2320	4996	Chrome.exe	146
PID 600 set thread context of 748	600	Chrome.exe	149
PID 3552 set thread context of 3672	3552	Chrome.exe	152
PID 4648 set thread context of 4296	4648	Chrome.exe	269
PID 708 set thread context of 4896	708	Chrome.exe	159
PID 4272 set thread context of 3320	4272	Chrome.exe	162
PID 3904 set thread context of 200	3904	Chrome.exe	166
PID 1568 set thread context of 1080	1568	Chrome.exe	169
PID 2108 set thread context of 1688	2108	Chrome.exe	173
PID 2496 set thread context of 1404	2496	Chrome.exe	353
PID 4376 set thread context of 4544	4376	Chrome.exe	179
PID 2056 set thread context of 4560	2056	Chrome.exe	183
PID 4912 set thread context of 1360	4912	Chrome.exe	186
PID 424 set thread context of 4488	424	Chrome.exe	189
PID 3316 set thread context of 4644	3316	Chrome.exe	192
PID 344 set thread context of 2996	344	Chrome.exe	196
PID 4112 set thread context of 4824	4112	Chrome.exe	199
PID 4412 set thread context of 2368	4412	Chrome.exe	203
PID 4736 set thread context of 1088	4736	Chrome.exe	206
PID 820 set thread context of 3360	820	Chrome.exe	318
PID 2260 set thread context of 5092	2260	Chrome.exe	213
PID 2256 set thread context of 2668	2256	Chrome.exe	216
PID 3180 set thread context of 440	3180	Chrome.exe	326
PID 2460 set thread context of 536	2460	Chrome.exe	433
PID 4936 set thread context of 2244	4936	Chrome.exe	225
PID 4648 set thread context of 4148	4648	Chrome.exe	452
PID 2248 set thread context of 2800	2248	Chrome.exe	231
PID 1424 set thread context of 4212	1424	Chrome.exe	431
PID 4200 set thread context of 1428	4200	Chrome.exe	237
PID 164 set thread context of 2392	164	Chrome.exe	241
PID 4888 set thread context of 3644	4888	Chrome.exe	244
PID 208 set thread context of 4344	208	Chrome.exe	247
PID 960 set thread context of 2096	960	Chrome.exe	251
PID 2252 set thread context of 3832	2252	Chrome.exe	254
PID 2336 set thread context of 4220	2336	Chrome.exe	257
PID 4032 set thread context of 1716	4032	Chrome.exe	520
PID 2748 set thread context of 3316	2748	Chrome.exe	264
PID 3236 set thread context of 3232	3236	Chrome.exe	267
PID 4296 set thread context of 3848	4296	Chrome.exe	270
PID 5080 set thread context of 1356	5080	Chrome.exe	615
PID 3608 set thread context of 2076	3608	Chrome.exe	453
PID 1720 set thread context of 1108	1720	Chrome.exe	535
PID 3496 set thread context of 4800	3496	Chrome.exe	282
PID 2340 set thread context of 4384	2340	Chrome.exe	543

description	ioc	Process
File created	C:\Program Files (x86)\DPI Service\dpisvc.exe	Chrome.exe
File opened for modification	C:\Program Files (x86)\DPI Service\dpisvc.exe	Chrome.exe

pid	pid_target	Process	procid_target
2056	4236	WerFault.exe	94
3548	3568	WerFault.exe	90
5108	4072	WerFault.exe	116
1080	780	WerFault.exe	126
1816	5060	WerFault.exe	139
3368	3672	WerFault.exe	152
4804	3320	WerFault.exe	162
2368	1080	WerFault.exe	169
1308	4544	WerFault.exe	179
3356	4644	WerFault.exe	192
1376	4824	WerFault.exe	199
2136	1088	WerFault.exe	206
4460	1428	WerFault.exe	237
3328	4344	WerFault.exe	247
4224	4220	WerFault.exe	257
4904	2720	WerFault.exe	300
2792	5108	WerFault.exe	304
2104	1988	WerFault.exe	311
2832	524	WerFault.exe	321
208	4408	WerFault.exe	343
4292	2152	WerFault.exe	347
4132	1512	WerFault.exe	363
2104	4628	WerFault.exe	370
2744	4688	WerFault.exe	386
4268	2056	WerFault.exe	399
3120	2832	WerFault.exe	412
1960	3556	WerFault.exe	416
1308	5096	WerFault.exe	420
3476	4272	WerFault.exe	436
1360	1404	WerFault.exe	446
5076	1100	WerFault.exe	468
4388	820	WerFault.exe	481
3140	3972	WerFault.exe	494
600	4216	WerFault.exe	504
2364	2296	WerFault.exe	514
3176	5076	WerFault.exe	527
1308	3684	WerFault.exe	540
1272	3648	WerFault.exe	577
1172	208	WerFault.exe	602
3088	1356	WerFault.exe	615
4520	164	WerFault.exe	622
224	960	WerFault.exe	653
4324	3552	WerFault.exe	660
1936	3424	WerFault.exe	667
4124	4084	WerFault.exe	680
4240	4892	WerFault.exe	684
2248	4708	WerFault.exe	697
516	2096	WerFault.exe	707
2900	4016	WerFault.exe	717
2776	1944	WerFault.exe	727
4532	2884	WerFault.exe	734
2488	1084	WerFault.exe	750
2748	2672	WerFault.exe	754
2564	2392	WerFault.exe	761
4808	4636	WerFault.exe	768
1308	4956	WerFault.exe	781
4684	3476	WerFault.exe	806
2336	3316	WerFault.exe	810
3688	1908	WerFault.exe	814
4912	4616	WerFault.exe	821
704	2312	WerFault.exe	825
1964	1272	WerFault.exe	829
2532	1308	WerFault.exe	833
436	3008	WerFault.exe	852

description	pid	Process
Token: SeDebugPrivilege	3848	Chrome.exe
Token: SeDebugPrivilege	208	Chrome.exe
Token: SeDebugPrivilege	652	Chrome.exe
Token: SeDebugPrivilege	2264	Chrome.exe
Token: SeDebugPrivilege	3360	Chrome.exe
Token: SeDebugPrivilege	1308	Chrome.exe
Token: SeDebugPrivilege	5112	Chrome.exe
Token: SeDebugPrivilege	4400	Chrome.exe
Token: SeDebugPrivilege	4220	Chrome.exe
Token: SeDebugPrivilege	2720	Chrome.exe
Token: SeDebugPrivilege	4644	Chrome.exe
Token: SeDebugPrivilege	3316	Chrome.exe
Token: SeDebugPrivilege	860	Chrome.exe
Token: SeDebugPrivilege	3160	Chrome.exe
Token: SeDebugPrivilege	4140	Chrome.exe
Token: SeDebugPrivilege	356	Chrome.exe
Token: SeDebugPrivilege	3700	Chrome.exe
Token: SeDebugPrivilege	2460	Chrome.exe
Token: SeDebugPrivilege	2316	Chrome.exe
Token: SeDebugPrivilege	4376	Chrome.exe
Token: SeDebugPrivilege	1932	Chrome.exe
Token: SeDebugPrivilege	4996	Chrome.exe
Token: SeDebugPrivilege	600	Chrome.exe
Token: SeDebugPrivilege	3552	Chrome.exe
Token: SeDebugPrivilege	4648	Chrome.exe
Token: SeDebugPrivilege	708	Chrome.exe
Token: SeDebugPrivilege	4272	Chrome.exe
Token: SeDebugPrivilege	3904	Chrome.exe
Token: SeDebugPrivilege	1568	Chrome.exe
Token: SeDebugPrivilege	2108	Chrome.exe
Token: SeDebugPrivilege	2496	Chrome.exe
Token: SeDebugPrivilege	4376	Chrome.exe
Token: SeDebugPrivilege	2056	Chrome.exe
Token: SeDebugPrivilege	4912	Chrome.exe
Token: SeDebugPrivilege	424	Chrome.exe
Token: SeDebugPrivilege	3316	Chrome.exe
Token: SeDebugPrivilege	344	Chrome.exe
Token: SeDebugPrivilege	4112	Chrome.exe
Token: SeDebugPrivilege	4412	Chrome.exe
Token: SeDebugPrivilege	4736	Chrome.exe
Token: SeDebugPrivilege	820	Chrome.exe
Token: SeDebugPrivilege	2260	Chrome.exe
Token: SeDebugPrivilege	2256	Chrome.exe
Token: SeDebugPrivilege	3180	Chrome.exe
Token: SeDebugPrivilege	2460	Chrome.exe
Token: SeDebugPrivilege	4936	Chrome.exe
Token: SeDebugPrivilege	4648	Chrome.exe
Token: SeDebugPrivilege	2248	Chrome.exe
Token: SeDebugPrivilege	1424	Chrome.exe
Token: SeDebugPrivilege	4200	Chrome.exe
Token: SeDebugPrivilege	164	Chrome.exe
Token: SeDebugPrivilege	4888	Chrome.exe
Token: SeDebugPrivilege	208	Chrome.exe
Token: SeDebugPrivilege	960	Chrome.exe
Token: SeDebugPrivilege	2252	Chrome.exe
Token: SeDebugPrivilege	2336	Chrome.exe
Token: SeDebugPrivilege	4032	Chrome.exe
Token: SeDebugPrivilege	2748	Chrome.exe
Token: SeDebugPrivilege	3236	Chrome.exe
Token: SeDebugPrivilege	4296	Chrome.exe
Token: SeDebugPrivilege	5080	Chrome.exe
Token: SeDebugPrivilege	3608	Chrome.exe
Token: SeDebugPrivilege	1720	Chrome.exe
Token: SeDebugPrivilege	3496	Chrome.exe

description	pid	Process	procid_target
PID 4684 wrote to memory of 3424	4684	Setup.exe	74
PID 4684 wrote to memory of 3424	4684	Setup.exe	74
PID 4684 wrote to memory of 3424	4684	Setup.exe	74
PID 4684 wrote to memory of 208	4684	Setup.exe	75
PID 4684 wrote to memory of 208	4684	Setup.exe	75
PID 4684 wrote to memory of 208	4684	Setup.exe	75
PID 3424 wrote to memory of 1344	3424	Setup.exe	76
PID 3424 wrote to memory of 1344	3424	Setup.exe	76
PID 3424 wrote to memory of 1344	3424	Setup.exe	76
PID 3424 wrote to memory of 3848	3424	Setup.exe	77
PID 3424 wrote to memory of 3848	3424	Setup.exe	77
PID 3424 wrote to memory of 3848	3424	Setup.exe	77
PID 3848 wrote to memory of 164	3848	Chrome.exe	78
PID 3848 wrote to memory of 164	3848	Chrome.exe	78
PID 3848 wrote to memory of 164	3848	Chrome.exe	78
PID 208 wrote to memory of 4548	208	Chrome.exe	79
PID 208 wrote to memory of 4548	208	Chrome.exe	79
PID 208 wrote to memory of 4548	208	Chrome.exe	79
PID 3848 wrote to memory of 164	3848	Chrome.exe	78
PID 208 wrote to memory of 4548	208	Chrome.exe	79
PID 3848 wrote to memory of 164	3848	Chrome.exe	78
PID 208 wrote to memory of 4548	208	Chrome.exe	79
PID 3848 wrote to memory of 164	3848	Chrome.exe	78
PID 208 wrote to memory of 4548	208	Chrome.exe	79
PID 3848 wrote to memory of 164	3848	Chrome.exe	78
PID 208 wrote to memory of 4548	208	Chrome.exe	79
PID 3848 wrote to memory of 164	3848	Chrome.exe	78
PID 208 wrote to memory of 4548	208	Chrome.exe	79
PID 1344 wrote to memory of 3644	1344	Setup.exe	80
PID 1344 wrote to memory of 3644	1344	Setup.exe	80
PID 1344 wrote to memory of 3644	1344	Setup.exe	80
PID 1344 wrote to memory of 652	1344	Setup.exe	81
PID 1344 wrote to memory of 652	1344	Setup.exe	81
PID 1344 wrote to memory of 652	1344	Setup.exe	81
PID 652 wrote to memory of 4400	652	Chrome.exe	82
PID 652 wrote to memory of 4400	652	Chrome.exe	82
PID 652 wrote to memory of 4400	652	Chrome.exe	82
PID 652 wrote to memory of 4400	652	Chrome.exe	82
PID 652 wrote to memory of 4400	652	Chrome.exe	82
PID 652 wrote to memory of 4400	652	Chrome.exe	82
PID 652 wrote to memory of 4400	652	Chrome.exe	82
PID 652 wrote to memory of 4400	652	Chrome.exe	82
PID 3644 wrote to memory of 2260	3644	Setup.exe	83
PID 3644 wrote to memory of 2260	3644	Setup.exe	83
PID 3644 wrote to memory of 2260	3644	Setup.exe	83
PID 3644 wrote to memory of 2264	3644	Setup.exe	84
PID 3644 wrote to memory of 2264	3644	Setup.exe	84
PID 3644 wrote to memory of 2264	3644	Setup.exe	84
PID 4400 wrote to memory of 3832	4400	Chrome.exe	85
PID 4400 wrote to memory of 3832	4400	Chrome.exe	85
PID 4400 wrote to memory of 3832	4400	Chrome.exe	85
PID 2264 wrote to memory of 4408	2264	Chrome.exe	86
PID 2264 wrote to memory of 4408	2264	Chrome.exe	86
PID 2264 wrote to memory of 4408	2264	Chrome.exe	86
PID 2264 wrote to memory of 4408	2264	Chrome.exe	86
PID 2264 wrote to memory of 4408	2264	Chrome.exe	86
PID 2264 wrote to memory of 4408	2264	Chrome.exe	86
PID 2264 wrote to memory of 4408	2264	Chrome.exe	86
PID 2264 wrote to memory of 4408	2264	Chrome.exe	86
PID 2260 wrote to memory of 684	2260	Setup.exe	88
PID 2260 wrote to memory of 684	2260	Setup.exe	88
PID 2260 wrote to memory of 684	2260	Setup.exe	88
PID 2260 wrote to memory of 3360	2260	Setup.exe	89
PID 2260 wrote to memory of 3360	2260	Setup.exe	89

pid	Process
3832	schtasks.exe
352	schtasks.exe

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads