Malware Analysis Report

2024-08-06 13:23

Sample ID 240616-cb8wcaydkr
Target ab95b07eeb30a98ec33aa2cb0c8d7929.bin
SHA256 d7d7ee33a95fb43312bf1ebe4e7a106ddfb5ef80097137cc2c87a014acc7e629
Tags
azorult infostealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d7d7ee33a95fb43312bf1ebe4e7a106ddfb5ef80097137cc2c87a014acc7e629

Threat Level: Known bad

The file ab95b07eeb30a98ec33aa2cb0c8d7929.bin was found to be: Known bad.

Malicious Activity Summary

azorult infostealer trojan

Azorult

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 01:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 01:55

Reported

2024-06-16 01:57

Platform

win7-20240508-en

Max time kernel

122s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe"

Signatures

Azorult

trojan infostealer azorult

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\gPointer.exe N/A (41 identical rows collapsed: one launch of the dropped helper per row)

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe N/A (64 identical rows collapsed)

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1608 set thread context of 2588 N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gPointer.exe N/A (41 identical rows collapsed)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1608 wrote to memory of 2980 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 2588 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe
PID 1608 wrote to memory of 2608 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 2612 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 2652 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 1632 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 2472 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 2944 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 1440 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 2588 (1 further write) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe
PID 1608 wrote to memory of 2696 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 2772 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 748 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 1572 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 1492 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 1340 (4 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe
PID 1608 wrote to memory of 524 (3 writes) N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\gPointer.exe

The 64 rows above are collapsed by target PID with the original order kept. Every write originates from PID 1608, the first instance of the sample. Each gPointer.exe PID receives four writes; PID 2588, the second instance of the sample, receives five in total and is the process whose thread context 1608 later set (see Suspicious use of SetThreadContext).

Processes

C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe
"C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe"

Child processes in the order the sandbox listed them (image, then command line; consecutive identical launches are counted):

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe KERNEL32:CreateProcessW

C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe
"C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe"

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe NTDLL:NtUnmapViewOfSection

C:\Users\Admin\AppData\Local\Temp\gPointer.exe (2 launches)
C:\Users\Admin\AppData\Local\Temp\gPointer.exe NTDLL:NtWriteVirtualMemory

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe KERNEL32:VirtualAllocEx

C:\Users\Admin\AppData\Local\Temp\gPointer.exe (30 launches)
C:\Users\Admin\AppData\Local\Temp\gPointer.exe NTDLL:NtWriteVirtualMemory

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe KERNEL32:GetThreadContext

C:\Users\Admin\AppData\Local\Temp\gPointer.exe (3 launches)
C:\Users\Admin\AppData\Local\Temp\gPointer.exe NTDLL:NtWriteVirtualMemory

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe KERNEL32:SetThreadContext

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe KERNEL32:ResumeThread

Read together, the 41 gPointer.exe launches (the same count as the Executes dropped EXE rows) each carry a single Win32 or Nt API name as their only argument, and the names follow the order of a process-hollowing (RunPE) routine: create a process, unmap its image, allocate, write the payload in chunks, read and rewrite the thread context, resume. The target is the second instance of the sample: the SetThreadContext signature records PID 1608 setting the context of PID 2588, and the memory dumps under Files cover 0x400000-0x420000 in that PID. Files named after the same API calls (CreateProcessW, NtUnmapViewOfSection, NtWriteVirtualMemory, VirtualAllocEx) appear in the Files list below. The sandbox's own signature attribution names PID 1608, not gPointer.exe, for the context write, so how the helper and the parent divide the work is not settled by this report; the call order is.
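The API order above is what a detection engineer would key on. The following is an added example, not part of the sandbox report and not code from the sample: a small Python script that parses rows shaped like the Processes list (an image path followed by one API name), extracts the argument of each gPointer.exe launch, and reports whether the hollowing order appears as an ordered subsequence. The sample rows are constructed from this report (41 gPointer.exe launches, 35 of them NtWriteVirtualMemory); the function names, the regular expression and the fixed API order are this example's own assumptions.

```python
"""Added example (not from the sandbox report or the sample): detect the
process-hollowing (RunPE) API order in rows shaped like the Processes list
above, where each gPointer.exe launch carries one API name as its argument.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Sequence, Tuple

# Classic hollowing order. Other calls (extra writes, unrelated APIs) may sit
# between these, so the order is matched as a subsequence, not adjacently.
HOLLOWING_ORDER = (
    "CreateProcessW",
    "NtUnmapViewOfSection",
    "VirtualAllocEx",
    "NtWriteVirtualMemory",
    "GetThreadContext",
    "SetThreadContext",
    "ResumeThread",
)

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\ab95b07eeb30a98ec33aa2cb0c8d7929.exe"
HELPER = TEMP + r"\gPointer.exe"

# Constructed from the report's Processes section: the argument of each of the
# 41 gPointer.exe launches, in the order the sandbox listed them (35 writes).
_HELPER_ARGS = (
    ["KERNEL32:CreateProcessW", "NTDLL:NtUnmapViewOfSection"]
    + ["NTDLL:NtWriteVirtualMemory"] * 2
    + ["KERNEL32:VirtualAllocEx"]
    + ["NTDLL:NtWriteVirtualMemory"] * 30
    + ["KERNEL32:GetThreadContext"]
    + ["NTDLL:NtWriteVirtualMemory"] * 3
    + ["KERNEL32:SetThreadContext", "KERNEL32:ResumeThread"]
)
# Parent command line first, then the helper rows, with the second sample
# instance (the hollowing target) listed after CreateProcessW as on the page.
SAMPLE_ROWS = "\n".join(
    [f'"{SAMPLE}"', f"{HELPER} {_HELPER_ARGS[0]}", f'"{SAMPLE}"']
    + [f"{HELPER} {a}" for a in _HELPER_ARGS[1:]]
)

# "<image.exe> [argument]"; the image may be quoted and contains no spaces.
_ROW = re.compile(r'^"?(?P<image>[^"\s]+\.exe)"?(?:\s+(?P<arg>\S+))?$', re.IGNORECASE)


def parse_rows(text: str) -> List[Tuple[str, Optional[str]]]:
    """(image, argument) per row; rows without an argument keep None, junk is skipped."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m:
            rows.append((m.group("image"), m.group("arg")))
    return rows


def api_names_for(rows: Sequence[Tuple[str, Optional[str]]], image: str) -> List[str]:
    """Bare API names (module prefix such as KERNEL32: removed) passed to launches of image."""
    return [
        arg.rsplit(":", 1)[-1]
        for img, arg in rows
        if arg and img.lower() == image.lower()
    ]


def ordered_subsequence(haystack: Sequence[str], needle: Sequence[str]) -> Optional[List[int]]:
    """Indices where needle occurs in haystack in order, gaps allowed; None if absent."""
    positions, start = [], 0
    for item in needle:
        try:
            idx = haystack.index(item, start)
        except ValueError:
            return None
        positions.append(idx)
        start = idx + 1
    return positions


def detect_hollowing(text: str, helper: str = HELPER) -> Dict[str, object]:
    """Summarise whether the helper was driven through the hollowing sequence."""
    names = api_names_for(parse_rows(text), helper)
    counts = Counter(names)
    hits = ordered_subsequence(names, HOLLOWING_ORDER)
    return {
        "launches": len(names),
        "sequence_found": hits is not None,
        "sequence_positions": hits,
        "write_calls": counts["NtWriteVirtualMemory"],
        "missing": [api for api in HOLLOWING_ORDER if counts[api] == 0],
    }


if __name__ == "__main__":
    r = detect_hollowing(SAMPLE_ROWS)
    verdict = "hollowing sequence present" if r["sequence_found"] else "no complete sequence"
    print(f"{verdict}: {r['launches']} helper launches, {r['write_calls']} NtWriteVirtualMemory calls")
```

The subsequence match rather than an exact-list match is deliberate: a loader that interleaves extra writes or a VirtualProtectEx between the steps, as this one does with its 35 writes, should still trip the rule, while a process that only creates a child and writes once (the "missing" list names what never appeared) should not.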

Network

Country Destination Domain Proto
US 8.8.8.8:53 888security.ru udp
US 8.8.8.8:53 888security.ru udp

Country and Destination describe the resolver that was queried (8.8.8.8, Google Public DNS), not the infrastructure behind 888security.ru. These two rows are the only network events recorded for this run: the report shows the lookup of 888security.ru but no resolved address and no TCP session to it, so the domain is the usable network indicator from this run.

Files

\Users\Admin\AppData\Local\Temp\gPointer.exe

MD5 e527bfc4146d390d4c83f44f5b92d628
SHA1 01238dd13d9d794ad8293cee82dcff85b6a832e8
SHA256 0ed922eaf201e55093c5150d028424d63847117adbfe6d786f453ddd9169846f
SHA512 75fe52afa1b8304f856844ad7d303e5413fc0ce8d61609bb61add1f666b3524412a53a3ffaf46fdaa0a4951a5efae80837202b3bdd0300cbace2707cd8a423e8

C:\Users\Admin\AppData\Local\Temp\CreateProcessW

MD5 b798ea601db51b42f305952d9110b519
SHA1 5b613ee7bc06ee513c2cedaaa0f72fd4c660c4a9
SHA256 911fb7514c2b8fad9decf80072f4e73f93372c86ffa24d08b756d8000843d1bb
SHA512 2a548d935531b2e4355064aa5283eeac3f72f3835d8804c0b99cf597a766d46b4e7646c534e9598b43a1a4e2ba908c06d8ec757dbf7c3fc19711674fe4ace370

C:\Users\Admin\AppData\Local\Temp\NtUnmapViewOfSection

MD5 4058813fd91ff52e9836842b49783315
SHA1 9cb956c5a54d3b2000b150fa172a676d70db18da
SHA256 7619e6f7f711cc7783f7284d044d14b8c6fa8cde856cd02d08fde61f1b32093e
SHA512 3bc7cbc0b5b0282d1c11635db08c4c0efa5b7ae52f9a33662da5b212ee178e6fb76ac747d9c9ae49c6b6494dc367fa73bd9f2a90bac766f23677b938ba3cd467

C:\Users\Admin\AppData\Local\Temp\NtWriteVirtualMemory

MD5 6cb28b918e07a9ea341ffd16de2291ad
SHA1 e8e56ac461d22c6ea225e1c1d52ef58147733280
SHA256 a5c9283d23f592c364eebd54aa7b5bbdeb87b44de563c47e38cd664830c35683
SHA512 5ffdada94238351726101fdcc28083df3ed894ea16711d5cef9a503a27fcae629be2eeab3f8be6d590f2084fc3fc8cb3a4d467f91824a677497ca4a9d962906f

C:\Users\Admin\AppData\Local\Temp\VirtualAllocEx

MD5 1ecac93c8c605a122996ff9bb497b799
SHA1 f1e5a31b76fa6ee8aa5867e040b3d810855fa66f
SHA256 a8405420da93a958bb727ccf352ad0e9a0576c5751c01b57e9644dbd15d3da04
SHA512 c13c6d647fcc4d01bc90a3cfee7377089a61a3ed794d596c034f2fbd195f5e76f7831396d374e1c000d5b020cb66779ee0c7039b22e1742e1a06a394d8c03471

Memory dumps: six captures of the same region of PID 2588 (the SetThreadContext target), 0x0000000000400000-0x0000000000420000

memory/2588-347-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2588-357-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2588-356-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2588-358-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2588-359-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2588-360-0x0000000000400000-0x0000000000420000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 01:55

Reported

2024-06-16 01:57

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe"

Signatures

Azorult

trojan infostealer azorult

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\gPointer.exe N/A (41 identical rows collapsed: one launch of the dropped helper per row)

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2176 set thread context of 5012 N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gPointer.exe N/A
(the gPointer.exe row is repeated 41 times in the report, once per gPointer.exe launch)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
(64 rows in the report, every one with Process = C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe, PID 2176, and Indicator N/A; consecutive identical rows are grouped here, in the order reported)
Writes Target PID Target
3 3952 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 5012 C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe
3 2688 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 1852 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 936 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 4544 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 2204 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 2564 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 4656 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
1 5012 C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe
3 2188 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 1864 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 4884 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 2764 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 3280 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 2096 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 2172 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
1 5012 C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe
3 1920 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 3580 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 3216 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
3 4044 C:\Users\Admin\AppData\Local\Temp\gPointer.exe
2 924 C:\Users\Admin\AppData\Local\Temp\gPointer.exe

Reading (an interpretation of the counts, not something the report states): every gPointer.exe child receives the same three writes from its parent (924, the last target listed, shows two, and the table stops at exactly 64 rows, so it appears truncated rather than different), which is consistent with the parent merely spawning the helper. The second instance of the sample, PID 5012, is the only target that receives more (five writes, two of them after further children had already been spawned) and the only SetThreadContext target, so it is the process being injected into. The 20 helper PIDs listed here cover only 20 of the 41 gPointer.exe launches.
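Separating the injection target from the helper children by hand is error-prone once a parent spawns dozens of them. The Python below is an added example, not code from this report, from the sandbox or from the sample: it takes rows in the report's own column order (the sample input is a constructed, abbreviated excerpt of the table above with paths shortened to basenames), counts writes per target, takes the most common per-target count as the "spawned only" baseline (a heuristic assumed here, not stated by the report), and flags any target that exceeds it or that also had its thread context set. The function and variable names are the example's own.

```python
import re
from collections import Counter

# Constructed sample input: an abbreviated excerpt of the report's
# "Suspicious use of WriteProcessMemory" and "Suspicious use of SetThreadContext"
# rows, with the C:\Users\Admin\AppData\Local\Temp\ paths shortened to basenames.
# Column order is the report's: Description Indicator Process Target.
WRITE_ROWS = """\
PID 2176 wrote to memory of 3952 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe gPointer.exe
PID 2176 wrote to memory of 3952 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe gPointer.exe
PID 2176 wrote to memory of 3952 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe gPointer.exe
PID 2176 wrote to memory of 5012 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe ab95b07eeb30a98ec33aa2cb0c8d7929.exe
PID 2176 wrote to memory of 5012 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe ab95b07eeb30a98ec33aa2cb0c8d7929.exe
PID 2176 wrote to memory of 5012 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe ab95b07eeb30a98ec33aa2cb0c8d7929.exe
PID 2176 wrote to memory of 2688 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe gPointer.exe
PID 2176 wrote to memory of 2688 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe gPointer.exe
PID 2176 wrote to memory of 2688 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe gPointer.exe
PID 2176 wrote to memory of 5012 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe ab95b07eeb30a98ec33aa2cb0c8d7929.exe
PID 2176 wrote to memory of 2188 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe gPointer.exe
PID 2176 wrote to memory of 2188 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe gPointer.exe
PID 2176 wrote to memory of 2188 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe gPointer.exe
PID 2176 wrote to memory of 5012 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe ab95b07eeb30a98ec33aa2cb0c8d7929.exe
PID 2176 wrote to memory of 924 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe gPointer.exe
PID 2176 wrote to memory of 924 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe gPointer.exe
"""

CONTEXT_ROWS = """\
PID 2176 set thread context of 5012 N/A ab95b07eeb30a98ec33aa2cb0c8d7929.exe ab95b07eeb30a98ec33aa2cb0c8d7929.exe
"""

ROW_RE = re.compile(
    r"^PID (?P<src>\d+) (?P<verb>wrote to memory of|set thread context of) "
    r"(?P<dst>\d+) \S+ (?P<src_img>\S+) (?P<dst_img>\S+)$"
)


def parse_rows(text):
    """Yield (source_pid, verb, target_pid, source_image, target_image) per row."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            yield int(m["src"]), m["verb"], int(m["dst"]), m["src_img"], m["dst_img"]


def analyze(write_rows, context_rows):
    """Return {target_pid: {...}} with per-target write counts and a verdict.

    Heuristic (assumed, not from the report): the modal per-target write count
    is what a parent does to a child it merely spawns; a target that gets more
    than that, or whose thread context the parent also rewrites, is the one
    being injected into.
    """
    writes = Counter()
    images = {}
    for src, _verb, dst, _src_img, dst_img in parse_rows(write_rows):
        writes[(src, dst)] += 1
        images[dst] = dst_img
    ctx_targets = {(src, dst) for src, _verb, dst, _a, _b in parse_rows(context_rows)}

    baseline = Counter(writes.values()).most_common(1)[0][0] if writes else 0
    report = {}
    for (src, dst), n in writes.items():
        ctx = (src, dst) in ctx_targets
        report[dst] = {
            "writer": src,
            "image": images[dst],
            "writes": n,
            "set_thread_context": ctx,
            "baseline": baseline,
            "injection_target": n > baseline or ctx,
        }
    return report


def injection_targets(write_rows, context_rows):
    """Sorted PIDs that look injected into rather than merely spawned."""
    return sorted(pid for pid, r in analyze(write_rows, context_rows).items()
                  if r["injection_target"])


if __name__ == "__main__":
    for pid, r in sorted(analyze(WRITE_ROWS, CONTEXT_ROWS).items()):
        flag = "INJECTION TARGET" if r["injection_target"] else "spawned only"
        print(f"{pid:>5} {r['image']:<40} writes={r['writes']} "
              f"ctx={r['set_thread_context']} -> {flag}")
```

On the excerpt, the only flagged PID is 5012: it exceeds the baseline of three writes and is the SetThreadContext target, while the helper children and the truncated 924 stay "spawned only". Run it on the full 64-row table to get the same verdict with all 20 helper PIDs listed.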

Processes

(two instances of the sample and 41 gPointer.exe launches, in the order reported; each entry is the image path followed by its command line, and runs of identical entries are counted once)

C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe
"C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe"

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe KERNEL32:CreateProcessW

C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe
"C:\Users\Admin\AppData\Local\Temp\ab95b07eeb30a98ec33aa2cb0c8d7929.exe"

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe NTDLL:NtUnmapViewOfSection

C:\Users\Admin\AppData\Local\Temp\gPointer.exe (2 processes)
C:\Users\Admin\AppData\Local\Temp\gPointer.exe NTDLL:NtWriteVirtualMemory

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe KERNEL32:VirtualAllocEx

C:\Users\Admin\AppData\Local\Temp\gPointer.exe (30 processes)
C:\Users\Admin\AppData\Local\Temp\gPointer.exe NTDLL:NtWriteVirtualMemory

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe KERNEL32:GetThreadContext

C:\Users\Admin\AppData\Local\Temp\gPointer.exe (3 processes)
C:\Users\Admin\AppData\Local\Temp\gPointer.exe NTDLL:NtWriteVirtualMemory

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe KERNEL32:SetThreadContext

C:\Users\Admin\AppData\Local\Temp\gPointer.exe
C:\Users\Admin\AppData\Local\Temp\gPointer.exe KERNEL32:ResumeThread

Reading of the process list: each of the 41 gPointer.exe launches is a separate process started with exactly one API name (MODULE:Function) as its only argument. Read top to bottom the arguments are CreateProcessW, NtUnmapViewOfSection, NtWriteVirtualMemory (2), VirtualAllocEx, NtWriteVirtualMemory (30), GetThreadContext, NtWriteVirtualMemory (3), SetThreadContext, ResumeThread, which is the step order of process hollowing (RunPE: start a suspended copy, unmap its image, allocate and write the replacement image piece by piece, repoint the main thread, resume). The second instance of ab95b07eeb30a98ec33aa2cb0c8d7929.exe, PID 5012, is the SetThreadContext target in the signatures above and the process whose 0x400000-0x420000 region is dumped under Files, so it is the hollowed host. Two caveats. First, the report does not establish whether each helper performs the call it is named after or only carries the name: the SetThreadContext and WriteProcessMemory signatures attribute those calls to the parent, PID 2176. Second, because the steps are spread over short-lived children, no single process shows the complete API chain, so a detection that keys on one process calling the whole sequence will not fire on this sample; correlate instead on the parent's write and SetThreadContext targets, and on a child in the same Temp directory whose entire command line is a bare MODULE:Function token.
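The one-helper-per-API pattern above is easier to see, and to hunt for in process-creation telemetry, once each helper command line is reduced to its API argument and the resulting sequence is matched as a subsequence against the hollowing step order. The Python below is an added example, not code from this report, from the sandbox or from the sample. Its input is a constructed flattening of the Processes list above (one "image command line" line per process, basenames only, the run of thirty NtWriteVirtualMemory helpers cut to two); the alias table that folds Win32, Nt and Zw variants onto one name per step goes beyond the two modules this report shows and is the example's own assumption, as are HELPER_RE, HOLLOWING_STEPS and the function names.

```python
import re

# Constructed sample input: the report's "Processes" section flattened to one
# "<image> <command line>" line per process, with full paths shortened to
# basenames and the run of thirty NtWriteVirtualMemory helpers cut to two.
PROCESS_LOG = """\
ab95b07eeb30a98ec33aa2cb0c8d7929.exe "ab95b07eeb30a98ec33aa2cb0c8d7929.exe"
gPointer.exe gPointer.exe KERNEL32:CreateProcessW
ab95b07eeb30a98ec33aa2cb0c8d7929.exe "ab95b07eeb30a98ec33aa2cb0c8d7929.exe"
gPointer.exe gPointer.exe NTDLL:NtUnmapViewOfSection
gPointer.exe gPointer.exe NTDLL:NtWriteVirtualMemory
gPointer.exe gPointer.exe NTDLL:NtWriteVirtualMemory
gPointer.exe gPointer.exe KERNEL32:VirtualAllocEx
gPointer.exe gPointer.exe NTDLL:NtWriteVirtualMemory
gPointer.exe gPointer.exe NTDLL:NtWriteVirtualMemory
gPointer.exe gPointer.exe KERNEL32:GetThreadContext
gPointer.exe gPointer.exe NTDLL:NtWriteVirtualMemory
gPointer.exe gPointer.exe KERNEL32:SetThreadContext
gPointer.exe gPointer.exe KERNEL32:ResumeThread
"""

# A command line that is nothing but "<exe> MODULE:Function". Module and
# function are any identifier, so Nt*/Zw* names and modules other than the
# KERNEL32/NTDLL pair seen in this report also match (assumed generalisation).
HELPER_RE = re.compile(
    r'^"?(?P<exe>[^"\s]+)"?\s+(?P<module>[A-Za-z0-9_.]+):(?P<func>[A-Za-z0-9_]+)\s*$'
)

# Aliases folded onto one canonical name per hollowing step, so a sample that
# swaps a Win32 wrapper for its Nt/Zw syscall stub still matches (assumed list).
CANONICAL = {
    "CreateProcessA": "CreateProcessW", "CreateProcessInternalW": "CreateProcessW",
    "ZwUnmapViewOfSection": "NtUnmapViewOfSection",
    "NtAllocateVirtualMemory": "VirtualAllocEx", "ZwAllocateVirtualMemory": "VirtualAllocEx",
    "WriteProcessMemory": "NtWriteVirtualMemory", "ZwWriteVirtualMemory": "NtWriteVirtualMemory",
    "NtSetContextThread": "SetThreadContext", "ZwSetContextThread": "SetThreadContext",
    "Wow64SetThreadContext": "SetThreadContext",
    "NtResumeThread": "ResumeThread", "ZwResumeThread": "ResumeThread",
}

# Required steps of process hollowing, in the order they must occur.
HOLLOWING_STEPS = ["CreateProcessW", "NtUnmapViewOfSection", "VirtualAllocEx",
                   "NtWriteVirtualMemory", "SetThreadContext", "ResumeThread"]


def helper_api(cmdline):
    """Return the canonical API name a helper was launched with, else None."""
    m = HELPER_RE.match(cmdline)
    if not m:
        return None
    return CANONICAL.get(m["func"], m["func"])


def api_sequence(process_log):
    """API names carried by helper command lines, in process-list order."""
    seq = []
    for line in process_log.splitlines():
        if not line.strip():
            continue
        _image, _, cmdline = line.partition(" ")   # image path has no spaces here
        api = helper_api(cmdline)
        if api:
            seq.append(api)
    return seq


def match_hollowing(seq):
    """Greedy in-order subsequence match of seq against HOLLOWING_STEPS.

    Returns (steps matched so far, True if every required step was found).
    Extra calls between steps (GetThreadContext, repeated writes) are ignored.
    """
    matched = []
    for api in seq:
        if len(matched) < len(HOLLOWING_STEPS) and api == HOLLOWING_STEPS[len(matched)]:
            matched.append(api)
    return matched, len(matched) == len(HOLLOWING_STEPS)


if __name__ == "__main__":
    seq = api_sequence(PROCESS_LOG)
    steps, complete = match_hollowing(seq)
    print("helper APIs:", " -> ".join(seq))
    print("hollowing steps matched:", steps, "complete" if complete else "incomplete")
```

On the sample the full chain matches. For hunting, HELPER_RE is the expression to port into a process-creation rule (for example on the CommandLine field of Sysmon event 1), combined with the parent and child both living under the user's Temp directory; the subsequence matcher is the second stage, run over the children of one parent in time order.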

Network

Country Destination Domain Proto
US 8.8.8.8:53 888security.ru udp
US 8.8.8.8:53 888security.ru udp

Two DNS queries for 888security.ru, both sent to 8.8.8.8, are the only network activity recorded; the report lists no resolved address and no follow-on TCP or HTTP traffic, so 888security.ru is the sole network indicator from this detonation and no C2 exchange is recorded here.

Files

C:\Users\Admin\AppData\Local\Temp\gPointer.exe

MD5 e527bfc4146d390d4c83f44f5b92d628
SHA1 01238dd13d9d794ad8293cee82dcff85b6a832e8
SHA256 0ed922eaf201e55093c5150d028424d63847117adbfe6d786f453ddd9169846f
SHA512 75fe52afa1b8304f856844ad7d303e5413fc0ce8d61609bb61add1f666b3524412a53a3ffaf46fdaa0a4951a5efae80837202b3bdd0300cbace2707cd8a423e8

C:\Users\Admin\AppData\Local\Temp\CreateProcessW

MD5 635571f6c69a0ef1f8b6178bf44313de
SHA1 4b1e51cd117e7f472598bf8e829382614d22282b
SHA256 85e052601722d3efe177c473972c8981dc6301fa4dead9da7ecfe0943e1849f0
SHA512 36a18903f507f274a82beed740e0c86cfee3dc403a2fb02ee07d063f31ad01352cf32f6e99baf613d319900c16a48d4fd572f998a674f3e673d7bca2d9b1b9fc

C:\Users\Admin\AppData\Local\Temp\NtUnmapViewOfSection

MD5 173cc4a3e7f1d68feca73197709337c7
SHA1 cfdc8e81dd8f445fab6060b9821e4c0c3a4034b2
SHA256 98923047d73f72c81b85730033877468f483c3915ddfb5114c5abefa7079103f
SHA512 a6d34458b8ce136e224dd67700d7356392ef787f5dc0a4c0c6d2d929c27520f535ef363c1d973a3db5183bec9d9f90872c231534a1537b074789c0d7c196395c

C:\Users\Admin\AppData\Local\Temp\NtWriteVirtualMemory

MD5 fd88ec4f0384a50cc78589eb2285f92d
SHA1 cd208c3ee7c48923b54cfa1f9da9ba632a917251
SHA256 2666f422416ebd4e857ce7cb3acd21c7e902a410018619a0b5e64e295a3fbc56
SHA512 efd78ee93ecb010ec4e29559441aed69da6a5b24256da41cb8e1690f0061da2295b49535f3b8e9182271aeab58ce60d0bf0333987cc9e87e8cc2843c29f6ed89

C:\Users\Admin\AppData\Local\Temp\VirtualAllocEx

MD5 401884e935c8f2a5551e279a5b7c3432
SHA1 fb6c99667196d9dd1d417f3bde849f87eeadeaca
SHA256 388e3e39901a976ca4bd39139f6f0943bd4ed00a858b35653acda26eaca09706
SHA512 5d5369802bfe7449f2a0c063d5afaaa0bee0397f674a2092fa84f451bf6824d853b48659facd8fd0dde4c0aace8efc51841d23626e65014f685231911995d9eb

memory/5012-188-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5012-193-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5012-194-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5012-195-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5012-196-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5012-197-0x0000000000400000-0x0000000000420000-memory.dmp

Six dumps of the same 0x20000-byte region of PID 5012, the second instance of the sample and the SetThreadContext target, taken at report event indexes 188 and 193 to 197. 0x00400000 is the default image base of a 32-bit PE, so the region is consistent with the replacement image written into the hollowed host, and these dumps are where to look for the unpacked payload behind the Azorult detection. The four extensionless files under Temp named CreateProcessW, NtUnmapViewOfSection, NtWriteVirtualMemory and VirtualAllocEx have hashes distinct from each other and from gPointer.exe, so they are not copies of the helper; the report lists no such file for GetThreadContext, SetThreadContext or ResumeThread and does not say what these files contain.